14 matches found

SUSE CVE
added 2026/05/10 1:11 a.m. · 4 views

SUSE CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

5.8 CVSS · 7.1 AI score · 0.00035 EPSS
Exploits: 0 · References: 5
OSV
added 2026/05/06 4:4 p.m. · 3 views

SUSE-SU-2026:1725-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.51 fixes various security issues. The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). - CVE-2025-39977: futex: Prevent use-after-free during...

7.8 CVSS · 6.8 AI score · 0.02194 EPSS
Exploits: 227 · References: 13
OSV
added 2026/05/05 1:7 p.m. · 2 views

SUSE-SU-2026:21506-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues. The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI...

7.8 CVSS · 6.8 AI score · 0.02194 EPSS
Exploits: 227 · References: 13
RedHat Linux
added 2026/04/22 12:13 a.m. · 6 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful(). skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN:...

7.1 CVSS · 5.6 AI score · 0.00018 EPSS
Exploits: 0 · References: 5
Rockylinux
added 2026/04/07 12:0 a.m. · 4 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8 CVSS · 6.5 AI score · 0.00059 EPSS
Exploits: 0
SUSE CVE
added 2026/02/16 12:25 a.m. · 3 views

SUSE CVE-2026-23204

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful(). skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN:...

7 CVSS · 5.2 AI score · 0.00018 EPSS
Exploits: 0 · References: 125
Microsoft CVE
added 2025/12/24 9:4 a.m. · 3 views

can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header

...

5.5 CVSS · 6.7 AI score · 0.00029 EPSS
Exploits: 0
Debian CVE
added 2025/12/23 1:58 p.m. · 5 views

CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header. The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and...

5.4 AI score · 0.00029 EPSS
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-2948

Malicious code in bioql PyPI...

8.3 CVSS · 8 AI score · 0.00035 EPSS
Exploits: 0 · References: 6
VulnCheck KEV
added 2024/04/26 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2025-31161

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise...

9.8 CVSS · 7.5 AI score · 0.88937 EPSS
Exploits: 20 · References: 1
Positive Technologies
added 2024/02/22 12:0 a.m. · 1 views

PT-2024-1927

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.8.1; Rack versions prior to 3.0.9.1. Description: The issue is related to a denial of service vulnerability in Rack's content type parsing, where carefully crafted content type headers can cause the media type parser to...

10 CVSS · 6.9 AI score · 0.16071 EPSS
Exploits: 4 · References: 118
Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-13395 · Abo.Cms · Abo.Cms

Name of the Vulnerable Software and Affected Versions: ABO.CMS version 5.9.3 Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via a crafted payload to the Referer header. This enables the attacker to perform unauthorized actions on the affected system...

6.1 CVSS · 6.4 AI score · 0.00135 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2023/04/10 12:0 a.m. · 6 views

PT-2023-20799 · Veritas · Veritas Appliance

Name of the Vulnerable Software and Affected Versions: Veritas Appliance version 4.1.0.1 Description: The issue allows for Host Header Injection attacks, where the HTTP host header can be manipulated, causing the application to behave in unexpected ways. Any changes made to the header would resul...

6.1 CVSS · 6.9 AI score · 0.00472 EPSS
Exploits: 1 · References: 5
OSV
added 2018/04/13 5:29 a.m. · 2 views

CVE-2018-10082

CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...

5.3 CVSS · 5.8 AI score
Exploits: 0 · References: 1