Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RT_Update_6 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075) - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158) - CVE-2025-38471: kernel: tls: always refresh the queue when...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues: - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794) - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075) - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM...
SUSE-SU-2025:20873-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues: - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794) - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075) - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretm...
Oracle Business Intelligence Enterprise Edition (OAS 8.2) (October 2025 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 8.2.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics...
SUSE-SU-2025:3742-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns...
SUSE CVE-2025-62409
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...
Exploring the Effect of DNN Depth on Adversarial Attacks in Network Intrusion Detection Systems
Adversarial attacks pose significant challenges to Machine Learning (ML) systems and especially Deep Neural Networks (DNNs) by subtly manipulating inputs to induce incorrect predictions. This paper investigates whether increasing the layer depth of deep neural networks affects their robustness agains...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:18979)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18979 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
USN-7797-3 linux-aws vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Virtio block driver; - Media drivers; - Network drivers; - Framebuffer layer; - BTRFS file system; - Ext4 file...
USN-7797-3: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Virtio block driver; - Media drivers; - Network drivers; - Framebuffer layer; - BTRFS file system; - Ext4 file...
NeuVector telemetry sender is vulnerable to MITM and DoS
Impact: This vulnerability affects NeuVector deployments only when the "Report anonymous cluster data" option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...
HAMLOCK: HArdware-Model LOgically Combined AttacK
The growing use of third-party hardware accelerators (e.g., FPGAs, ASICs) for deep neural networks (DNNs) introduces new security vulnerabilities. Conventional model-level backdoor attacks, which only poison a model's weights to misclassify inputs with a specific trigger, are often detectable because...
Unspecified Vulnerability in HCL AION
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability caused by missing security attributes in the encrypted session (SSL) cookie. No details of the vulnerability are provided at this time...
CVE-2025-59438
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987598)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987598 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal. The memory size of tls_ctx->rx.iv for...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987549)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987549 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table. _get_table_maxdiv() tries to access clk_div_table array ou...
SUSE-SU-2025:3684-1 Security update for the Linux Kernel (Live Patch 72 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122272 fixes one issue. The following security issue was fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250302)...
Inside the attack chain: Threat activity targeting Azure Blob Storage
Azure Blob Storage, like any object data service, is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads. Organizations of all sizes use Blob Storage to support key workloads—such as AI, high...
CVE-2025-40016
CVE-2025-40016 affects the Linux kernel uvcvideo path. The fix marks entities with invalid IDs (UVC_INVALID_ENTITY_ID) to enforce non-zero unique IDs for Units and Terminals as required by UVC 1.1+. The change aims to prevent invalid or duplicate IDs (e.g., 0x00 or repeated IDs) from propagating ...