Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: Version 5.2.3-0 Disable build for SLES 16 rhnlib: Version 5.2.4-0 Disable build for SLES 16 spacecmd: Version 5.2.6-0 Update translation strings spacewalk-client-tools: Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: Version 5.2.3-0...

BIT-CEPH-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

SUSE-SU-2025:4458-1 Security update 5.0.6 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot: - Update to version 1.0.0 Reboot on salt key timeout bsc1237495 Fixed parsing files with space in the name bsc1252100 grafana was updated from version 11.5.5 to 11.5.10: - Security issues fixed: CVE-2025-47911: Fix parsing HTML documents...

CVE-2025-64993 Command Injection in 1E-ConfigMgrConsoleExtensions Instructions

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...

EUVD-2018-19011

Malware in sbrugna...

EUVD-2022-42298

Malicious code in bioql PyPI...

MAL-2025-24853 Malicious code in l10n-mgr (npm)

The package l10n-mgr was found to contain malicious code...

Asrmicro ASR Series 安全漏洞

The Asrmicro ASR Series is a series of chips from China's Avantage Technology Asrmicro. A security vulnerability exists in Asrmicro ASR Series, which originates from an improper resource release in the dialertask.C file in the conmgr component, which could lead to a resource leak...

CVE-2022-39853

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault...

com.alilitech:boot-plus-log (>=2.1.0 <=2.1.5), com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0) +19 more potentially affected by CVE-2025-27152 via org.webjars.npm:axios (>=1.15.2 <=1.7.2)

org.webjars.npm:axios MAVEN version =1.15.2, =2.1.0, =2.0.0, =1.0.3, =1.0.0, =2.1.1, =1.0.0, =1.0.0, =2.1.3, =2.0.0, =1.0.2, =4.22.2, =4.22.2, =0.0.1, =1.0.0 - org.webjars.npm:posthog-node =4.17.1 and more Source cves: CVE-2025-27152 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9376923...

SUSE CVE-2024-42065

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xettmstolenmgrinit Add an explicit check to ensure that the mgr is not NULL...

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xettmstolenmgrinit Add an explicit check to ensure that the mgr is not NULL...

CVE-2024-36144

CVE-2024-36144 : Adobe Experience Manager (AEM) versions 6.5.20 and earlier are affected by a stored XSS vulnerability in form fields. The root cause is inadequate input sanitization, allowing attacker-supplied scripts to run in a victim’s browser when visiting pages containing the vulnerable fie...

CVE-2024-36217 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36189

CVE-2024-36189 affects Adobe Experience Manager 6.5.20 and earlier with a stored XSS in vulnerable form fields. Exploitation can cause malicious JavaScript to run in a victim’s browser when visiting pages containing the field. The issue is acknowledged in public advisories and a remediation updat...

CVE-2024-26078 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36168 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26076 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

openSUSE: Security Advisory for installation-images (SUSE-SU-2023:1831-1)

The remote host is missing an update for the installation-images packages announced via the SUSE-SU-2023:1831-1 advisory. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2023-48604 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...