ruby security update

3.0.7-165 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-86104 - Fix ReDoS in CGI::UtilescapeElement. CVE-2025-27220 Resolves: RHEL-86130 3.0.7-164 - Undefine GC compaction methods on ppc64le. Resolves: RHEL-83136 - Fix printing warnings when using IRB from a script...

Avoid Using Wireless Networks

If the hardware device contains wireless modules such as Wi-Fi and Wi-Fi is enabled in the system, the server may connect to the network wirelessly. If the connection is not managed, the network may be unstable and the attack surface increases. If no wireless network is used, you are advised to...

Malicious code in vite-plugin-node-modules-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba225e7480a310032d62d6de3db636b57a0bb3e2594bf99605df20b09352eab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3653 Malicious code in vite-plugin-node-modules-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba225e7480a310032d62d6de3db636b57a0bb3e2594bf99605df20b09352eab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GO-2025-3648 Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks in github.com/rancher/stev

Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle MitM attacks in github.com/rancher/stev. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:4496)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4496 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github.com/truthfulpharm/prototransfor...

BIT-MOODLE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

PT-2025-18587 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns undefined behavior in bit shift for CAP TO MASK in the Linux kernel. Specifically, shifting a signed 32-bit value by 31 bits is undefined. To address this, the...

[SECURITY] Fedora 40 Update: perl-5.38.4-508.fc40

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVE-2025-25403

Slims Senayan Library Management Systems 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/masterfile/colltype.php...

CVE-2025-3301

DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to u...

CVE-2025-3301

CVE-2025-3301 concerns DPA countermeasures being unavailable for ECDH key agreement and EdDSA signing on Curve25519 and Curve448 on all Series 2 modules and SoCs due to lack of hardware and software support. The consequence is potential exposure of confidential information if a DPA attack is succ...

PT-2025-18163 · Series 2 · Series 2

Name of the Vulnerable Software and Affected Versions: Series 2 modules and SoCs affected versions not specified Description: A lack of hardware and software support for DPA countermeasures in ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 may result in exposure of...

Oracle Linux VM Restored to Azure Fails to Boot

Challenge After restoring a VM to Azure that ran Oracle Linux, that VM fails to boot. Cause Some Oracle Linux deployments may not include the Hyper-V-related UEK Unbreakable Enterprise Kernel modules, such as: hvvmbus hvstorvsc hvutils hvnetvsc When these modules are missing, issues can occur...

Tenda i24和Tenda W12 安全漏洞

The Tenda W12 and i24 is a wireless router made by Tenda. A buffer overflow vulnerability exists in the Tenda W12 and i24. The vulnerability stems from a parameter json in /goform/modules that fails to properly validate the length and size of the input data, which can be exploited by an attacker ...

CVE-2025-3511

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station...

GO-2025-3642 Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks

Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...

GO-2025-3644 Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks

Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

GO-2025-3643 Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks

Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...