173 matches found
SUSE-SU-2025:20881-1 Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: - CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem...
SUSE-SU-2025:20919-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_11
This update for kernel-livepatch-MICRO-6-0-RTUpdate11 fixes the following issues: - CVE-2025-38566: sunrpc: fix handling of server side tls alerts bsc1248376 - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673 - CVE-2025-38678: netfilter:...
SUSE-SU-2025:20880-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_11
This update for kernel-livepatch-MICRO-6-0-RTUpdate11 fixes the following issues: - CVE-2025-38566: sunrpc: fix handling of server side tls alerts bsc1248376 - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673 - CVE-2025-38678: netfilter:...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_10
This update for kernel-livepatch-MICRO-6-0-RTUpdate10 fixes the following issues: CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 CVE-2025-38471: kernel: tls: always refresh the queue when...
SUSE-SU-2025:20877-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_8
This update for kernel-livepatch-MICRO-6-0-RTUpdate8 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queue...
Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM...
SUSE-SU-2025:20914-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queue...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM...
CVE-2025-59048 OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method
OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...
CVE-2025-59048
OpenBao's AWS Plugin (auth-aws) is affected by CVE-2025-59048: prior to v0.1.1, cross-account IAM role impersonation is possible when an untrusted account has a role with the same name as a trusted account, enabling unauthorized access in multi-account AWS setups. The issue has a patch in v0.1.1;...
SUSE-SU-2025:3742-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...
Exploit for CVE-2021-4191
Nuclei POC Duplicate Detection Tool This tool is written in G...
Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw
The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...
EUVD-2023-59828
Malicious code in bioql PyPI...
EUVD-2025-7039
Malicious code in bioql PyPI...
EUVD-2022-30412
Malicious code in bioql PyPI...
EUVD-2024-29948
Malicious code in bioql PyPI...
PT-2025-46555
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the drm/vmwgfx component, specifically in the validation process. Nodes stored in the validation duplicates hashtable, originating...
CVE-2023-53256 firmware: arm_ffa: Fix FFA device names for logical partitions
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Fix FFA device names for logical partitions Each physical partition can provide multiple services each with UUID. Each such service can be presented as logical partition with a unique combination of VM ID and...
CVE-2023-53256 firmware: arm_ffa: Fix FFA device names for logical partitions
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Fix FFA device names for logical partitions Each physical partition can provide multiple services each with UUID. Each such service can be presented as logical partition with a unique combination of VM ID and...