
11192 matches found

Snyk
added 2025/02/01 6:39 a.m. | 0 views

Cross-site Scripting (XSS)

Overview: open-web-calendar is a package that embeds a highly customizable web calendar into your website using ICal source links. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing validations in URL protocols and unsanitized error messages, leading to data theft or...

CVSS 6.1 | AI score 5.2
Exploits 0 | References 3
Debian
added 2025/01/31 9:45 p.m. | 12 views

[SECURITY] [DLA 4038-1] dcmtk security update

Debian LTS Advisory DLA-4038-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 31, 2025 https://wiki.debian.org/LTS ...

CVSS 8.4 | AI score 8 | EPSS 0.00179
Exploits 7
BDU FSTEC
added 2025/01/31 12:0 a.m. | 2 views

The vulnerability of the me_huge_page() function in the mm/memory-failure.c module of the Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the me_huge_page function in the mm/memory-failure.c module of the Linux kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits 0 | References 24 | Affected Software 6
BDU FSTEC
added 2025/01/30 12:0 a.m. | 1 views

The vulnerability of Microsoft Edge browser (based on Chromium) relates to information representation errors in the user interface, allowing attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge based on Chromium is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

CVSS 6.4 | AI score 5.5 | EPSS 0.00196
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2025/01/30 12:0 a.m. | 1 views

The vulnerability of the Root Certificate Handler component of the software solution for secure remote access to data in Palo Alto Networks’ GlobalProtect App allows a malicious actor to escalate their privileges.

The vulnerability of the Root Certificate Handler component in the software for secure remote access to data in the Palo Alto Networks GlobalProtect App is related to errors in the certificate validation process. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS 7.5 | AI score 8.1 | EPSS 0.00376
Exploits 2 | References 4 | Affected Software 1
Microsoft CVE
added 2025/01/29 8:0 a.m. | 3 views

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c

...

CVSS 5.5 | AI score 6.6 | EPSS 0.00027
Exploits 0
Microsoft CVE
added 2025/01/29 8:0 a.m. | 3 views

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c

...

CVSS 5.5 | AI score 6.6 | EPSS 0.00023
Exploits 0
BDU FSTEC
added 2025/01/29 12:0 a.m. | 1 views

The vulnerability of the Opigno Learning path CMS system’s Drupal module lies in errors during the processing of input data during syntax analysis of code. This allows attackers to execute arbitrary code.

The vulnerability of the Opigno Learning path CMS system’s Drupal component is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5 | AI score 5.9 | EPSS 0.00186
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2025/01/29 12:0 a.m. | 1 views

The vulnerability of Opigno’s Drupal CMS system lies in errors during the processing of input data during syntax analysis, allowing attackers to execute arbitrary code.

The vulnerability of Opigno’s Drupal CMS system is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 5.9 | EPSS 0.00295
Exploits 0 | References 2 | Affected Software 1
Rosalinux
added 2025/01/28 6:32 p.m. | 17 views

Advisory ROSA-SA-2025-2631

software: libheif 1.12.0 OS: ROSA-CHROME package_evr_string: libheif-1.12.0-4 CVE-ID: CVE-2021-36410 BDU-ID: 2023-01688 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the put_epel_hv_fallback function of the fallback-motion.cc component of the h.265 Libde265 video codec implementation is related to...

CVSS 6.5 | AI score 9.5 | EPSS 0.00391
Exploits 15
SUSE CVE
added 2025/01/28 12:19 a.m. | 2 views

SUSE CVE-2025-24389

Certain errors of the upstream libraries will insert sensitive information in the OTRS or OTRS Community Edition log mechanism and mails sent to the system administrator. This issue affects: OTRS 7.0.X, OTRS 8.0.X, OTRS 2023.X, OTRS 2024.X, OTRS Community Edition: 6.0.x. Products based on the OTRS...

CVSS 6.3 | AI score 6.6 | EPSS 0.00042
Exploits 0 | References 3
BDU FSTEC
added 2025/01/28 12:0 a.m. | 1 views

The vulnerability of the Linux operating system’s kernel, related to errors in resource release, allows an attacker to trigger a Denial-of-Service attack.

The vulnerability of the Linux operating system’s kernel is related to errors during resource release. Exploiting this vulnerability can allow an attacker to trigger a Denial-of-Service attack...

CVSS 5.5 | AI score 5.9 | EPSS 0.00048
Exploits 0 | References 8 | Affected Software 2
BDU FSTEC
added 2025/01/28 12:0 a.m. | 1 views

The vulnerability of the nf_tables component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the nf_tables component in the Linux operating system’s kernel is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.00052
Exploits 0 | References 8 | Affected Software 2
Redos
added 2025/01/28 12:0 a.m. | 150 views

ROS-20250128-05

A vulnerability in lxml, the library for processing XML and HTML markup, is related to a NULL pointer dereference in the iterwalk function. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.01251
Exploits 1
BDU FSTEC
added 2025/01/28 12:0 a.m. | 1 views

The vulnerability of the devm_kzalloc function in the pcmdevice_i2c_probe component of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the devm_kzalloc function in the pcmdevice_i2c_probe component of the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.00035
Exploits 0 | References 9 | Affected Software 2
BDU FSTEC
added 2025/01/28 12:0 a.m. | 1 views

The vulnerability of the Linux operating system’s kernel, related to errors in thread locking, allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s kernel is related to errors during thread blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.00016
Exploits 0 | References 9 | Affected Software 3
BDU FSTEC
added 2025/01/28 12:0 a.m. | 2 views

The vulnerability of the Linux operating system’s kernel, related to pointer arithmetic errors, allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.8 | EPSS 0.00033
Exploits 0 | References 9 | Affected Software 3
OSV
added 2025/01/27 1:33 p.m. | 6 views

SUSE-SU-2025:0254-1 Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005565 fixes several issues. The following security issues were fixed: - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie bsc1229275. - CVE-2024-36971: Fixed dst_negative_advice race bsc1226324. - CVE-2024-50264:...

CVSS 7.8 | AI score 8.4 | EPSS 0.0072
Exploits 3 | References 49
OSV
added 2025/01/27 1:4 p.m. | 10 views

SUSE-SU-2025:0255-1 Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600237 fixes several issues. The following security issues were fixed: - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state bsc1227784. - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state bsc1227781. ...

CVSS 7.8 | AI score 8 | EPSS 0.00449
Exploits 2 | References 27
Rosalinux
added 2025/01/27 8:23 a.m. | 15 views

Advisory ROSA-SA-2025-2572

software: squid 5.10 OS: ROSA-CHROME packageevrstring: squid-5.10-1 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cau...

CVSS 7.5 | AI score 7.3 | EPSS 0.00918
Exploits 0