4441 matches found

RedHat Linux
added 2025/02/03 4:38 p.m. · 14 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.18.0 release

Red Hat OpenShift Dev Spaces 3.18 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

CVSS 9.1 · AI score 6.8 · EPSS 0.32338
Exploits: 3 · References: 8

OSV
added 2025/02/03 8:54 a.m. · 1 view

SUSE-SU-2025:20042-1 Security update for selinux-policy

This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 (bsc#1229132); Add auth_rw_wtmpdb_login_records to domains using auth_manage_login_records; Add auth_rw_wtmpdb_login_records to modul...

AI score 5.8
Exploits: 0 · References: 7

SUSE CVE
added 2025/02/01 3:47 a.m. · 1 view

SUSE CVE-2025-21679

In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path. Inside function get_canonical_dev_path, we call d_path to get the final device path. But d_path can return error, and in that case the next strscpy call will trigger an...

CVSS 5.5 · AI score 6.5 · EPSS 0.00073
Exploits: 0 · References: 3

NVD
added 2025/01/31 12:15 p.m. · 13 views

CVE-2025-21679

In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path. Inside function get_canonical_dev_path, we call d_path to get the final device path. But d_path can return error, and in that case the next strscpy call will trigger an...

CVSS 5.5 · EPSS 0.00073
Exploits: 0 · References: 2

Veracode
added 2025/01/28 6:2 a.m. · 2 views

Reflected Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of error messages, which allows execution of a malicious payload included in a URL when the website is set to the "dev" environment mode...

AI score 6.5
Exploits: 0

Vulnrichment
added 2025/01/25 12:53 a.m. · 10 views

CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

CVSS 5.3 · AI score 5.3 · EPSS 0.00253
Exploits: 0 · References: 2

NVD
added 2025/01/24 3:15 p.m. · 3 views

CVE-2024-9496

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer...

CVSS 8.6 · EPSS 0.00014
Exploits: 0 · References: 1

CVE
added 2025/01/24 2:38 p.m. · 53 views

CVE-2024-9496

CVE-2024-9496 concerns the USBXpress Dev Kit installer from Silicon. The vulnerability is an uncontrolled search path that enables DLL hijacking in the installer process. The resulting impact, as stated across sources, is privilege escalation and arbitrary code execution when the impacted install...

CVSS 8.6 · AI score 9 · EPSS 0.00014
Exploits: 0 · References: 1

Cvelist
added 2025/01/24 2:38 p.m. · 16 views

CVE-2024-9496 Uncontrolled search path can lead to DLL hijacking in USBXpress Dev Kit installer

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer...

CVSS 8.6 · EPSS 0.00014
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/24 2:38 p.m. · 7 views

CVE-2024-9496 Uncontrolled search path can lead to DLL hijacking in USBXpress Dev Kit installer

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer...

CVSS 8.6 · AI score 9 · EPSS 0.00014
Exploits: 0 · References: 1

CNNVD
added 2025/01/24 12:0 a.m. · 1 view

Silicon USBXpress Win 98SE Dev Kit installer code issue vulnerability

Silicon USBXpress Win 98SE Dev Kit installer is a USBXpress Win 98SE Dev Kit installer from Silicon. A security vulnerability exists in the Silicon USBXpress Win 98SE Dev Kit installer that originates from an uncontrolled search path. An attacker could exploit the vulnerability to escalate...

CVSS 8.6 · AI score 7.3 · EPSS 0.00014
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/24 12:0 a.m. · 2 views

PT-2025-3721 · Unknown · Usbxpress Dev Kit

Name of the Vulnerable Software and Affected Versions: USBXpress Dev Kit affected versions not specified Description: The issue is caused by an uncontrolled search path in the USBXpress Dev Kit installer, leading to DLL hijacking vulnerabilities. These vulnerabilities can result in privilege...

CVSS 8.6 · AI score 8.1 · EPSS 0.00014
Exploits: 0 · References: 6

CNNVD
added 2025/01/24 12:0 a.m. · 1 view

Silicon USBXpress Dev Kit installer code issue vulnerability

Silicon USBXpress Dev Kit installer is a USBXpress Dev Kit installer from Silicon. A security vulnerability exists in the Silicon USBXpress Dev Kit installer that originates from an uncontrolled search path. An attacker could exploit the vulnerability to escalate privileges and execute arbitrary...

CVSS 8.6 · AI score 7.3 · EPSS 0.00014
Exploits: 0 · References: 2

Tenable Nessus
added 2025/01/22 12:0 a.m. · 15 views

Debian dla-3700 : libcjson-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3700 advisory. Debian LTS Advisory DLA-3700-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 · AI score 6.3 · EPSS 0.00224
Exploits: 1 · References: 4

Tenable Nessus
added 2025/01/22 12:0 a.m. · 16 views

Debian dla-3704 : libxerces-c-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3704 advisory. Debian LTS Advisory DLA-3704-1 [email protected]...

CVSS 8.8 · AI score 7.2 · EPSS 0.04171
Exploits: 0 · References: 6

OSV
added 2025/01/21 7:52 p.m. · 3 views

GHSA-VG6X-RCGG-RJX6 Websites were able to send any requests to the development server and read the response in vite

Summary: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. Warning: This vulnerability even applies to users that only run the Vite dev server on the loc...

CVSS 6.5 · AI score 6 · EPSS 0.00308
Exploits: 1 · References: 3

SUSE CVE
added 2025/01/20 3:47 a.m. · 1 view

SUSE CVE-2025-21645

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it. Wakeup for IRQ1 should be disabled only in cases where i8042 had actually enabled it, otherwise "wake_depth" for this IRQ will try to drop below zero a...

CVSS 5.5 · AI score 7.6 · EPSS 0.00028
Exploits: 0 · References: 13

Tenable Nessus
added 2025/01/20 12:0 a.m. · 5 views

Debian dla-4024 : libpoco-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4024 advisory. Debian LTS Advisory DLA-4024-1 [email protected] https://www.debian.org/lts/security/...

CVSS 9.8 · AI score 7.5 · EPSS 0.00132
Exploits: 0 · References: 4

SUSE CVE
added 2025/01/16 3:49 a.m. · 1 view

SUSE CVE-2024-57795

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to netdevice The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call...

CVSS 6.7 · AI score 7.6 · EPSS 0.00013
Exploits: 0 · References: 13

SUSE CVE
added 2025/01/16 3:49 a.m. · 1 view

SUSE CVE-2024-57844

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind. If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter/drm_dev_exit. This fixes the followin...

CVSS 5.5 · AI score 6.3 · EPSS 0.00037
Exploits: 0 · References: 3