58 matches found
CLSA-2026-1770028764 kernel: Fix of 14 CVEs
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare CVE-2025-39817 - scsi: ses: Fix possible desc_ptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6_find_tlv CVE-2023-53705 - libceph: fix potential use-after-free in have_mon_and_osd_map CVE-2025-68285 - scsi: lpfc: Fix...
OPENSUSE-SU-2025:20031-1 Security update for warewulf4
This update for warewulf4 fixes the following issues: Changes in warewulf4: - Update to version 4.6.4: v4.6.4 release updates Convert disk booleans from wwbool to bool which allows bools in disk to be set to false via command line (bsc#1248768) Update NetworkManager Overlay Disable ipv4 in...
EUVD-2022-51458
Malicious code in bioql PyPI...
EUVD-2023-24415
Malicious code in bioql PyPI...
iPXE TLS tls.c tls_new_ciphertext information exposure
...
CVE-2023-20236
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...
SUSE SLES15 Security Update : qemu (SUSE-SU-2025:0692-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0692-1 advisory. - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915). - CVE-2024-7409: Fixed denial of service via improper...
Security update for qemu
This update for qemu fixes the following issues: CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915). CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007). CVE-2024-3447: Fixed heap buffer overflow in...
SUSE-SU-2025:0692-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915). - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007). - CVE-2024-3447: Fixed heap buffer overflow in...
RHEL 7 : ipxe (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ipxe: Padding oracle attack vulnerability (CVE-2022-4087) Note that Nessus has not tested for this issue but has...
Cisco IOS XR Software iPXE Boot Signature Bypass (cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to...
Design/Logic Flaw
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...
CVE-2023-20236
Cisco IOS XR’s iPXE boot function is vulnerable to an image-verification bypass. An authenticated, local attacker could manipulate iPXE boot parameters to load an unverified/rogue image on the device due to insufficient image verification. Cisco has released software updates addressing this vulne...
Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...
iPXE Information Disclosure Vulnerability
iPXE is an open-source network bootstrap program. An information disclosure vulnerability exists in versions of iPXE prior to iPXE 2022.11.08 that affects the tls_new_ciphertext function in the src/net/tls.c file of the TLS component and can be exploited by an attacker to obtain sensitive information...
CVE-2022-4087
A vulnerability was found in ipxe. This issue affects the tls_new_ciphertext function in the src/net/tls.c file of the TLS component. The manipulation of the pad_len argument leads to information exposure due to discrepancy...