Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC. When starting CAC in a mode other than AP mode, it returns a "WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]" caused by the chandef.chan being null at t...
ixgbevf: fix mailbox API compatibility by negotiating supported features
...
SUSE CVE-2025-40104
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features. There was backward compatibility in terms of the mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...
CVE-2023-53542 ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy. For some reason, the driver adding support for Exynos5420 MIPI phy back in 2016 wasn't used on Exynos5420, which caused a kernel panic. Add the proper compatible...
CVE-2024-54537
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox...
UBUNTU-CVE-2024-42106
In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2. KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the...
Arbitrary memory address read vulnerability with Regex search
If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. We recommend updating Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby...
VulnCheck KEV: CVE-2022-4702
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin...
SUSE-SU-2022:4290-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can...
openSUSE: Security Advisory for nbd (SUSE-SU-2022:1276-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2
April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 Release Date: April 12, 2022 Version: .NET Framework 3.5 and 4.8 Summary Security Improvements This security update addresses an issue where an unauthenticated attacker cou...
SUSE-SU-2020:3235-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: bind-formula: - Temporarily disable dnssec-validation as hotfix for (bsc#1177790) grafana-formula: - Use variable for product name - Add HA/SAP dashboards - Add support for system groups in Client Systems dashboard image-sync-formula: - Do not use .gz suffix f...
openSUSE Security Update : roundcubemail (openSUSE-2020-1516)
This update for roundcubemail fixes the following issues: roundcubemail was upgraded to 1.3.15. This is a security update to the LTS version 1.3. (boo#1175135) - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) - Security: Fix cross-site scripting XS...
openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189)
This update for MozillaFirefox fixes the following issues: This update for MozillaFirefox and pipewire fixes the following issues: MozillaFirefox Extended Support Release 78.1.0 ESR - Fixed: Various stability, functionality, and security fixes (bsc#1174538) - CVE-2020-15652: Potential leak of...
SUSE-SU-2020:0495-1 Security update for ovmf
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291). - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). -...
Fedora 31 : mingw-libidn2 (2019-1ebb5c928e)
Libidn 2.3.0 released 2019-11-14 - Mitre has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 commit 241e8f48 - Update the data tables from Unicode 6.3.0 to Unicode 11.0 - Turn idn2punycodeencode, idn2punycodedecode into compa...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.0 security and bug fix update
An update for ceph is now available for Red Hat Ceph Storage for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
SUSE-SU-2017:2745-1 Security update for wpa_supplicant
This update for wpa_supplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated...
Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)
Fix for CVE-2016-6317 (rhbz#1366479) - Fix argument error for instance_exec for Ruby 2.3 compatibility (Only rubygem-activerecord f24) - Improve tests not to accept the failures (Only rubygem-activerecord) Note that Tenable Network Security has extracted the preceding description block directly from the...
Fedora 24 : roundcubemail-1.1.5-1.fc24 (2016-aff691237e)
Release 1.1.5 Plugin API: Added html2text hook Plugin API: Added addressbookexport hook Fix missing emoticons on html-to-text conversion Fix random 'access to this resource is secured against CSRF' message at logout 4956 Fix missing language name in 'Add to Dictionary' request in HTML mode 4951...