229 matches found
SUSE-SU-2026:2086-1 Security update for postgresql14
This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...
systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data
A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...
CVE-2026-22017 affecting package mysql for versions less than 8.0.46-1
CVE-2026-22017 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
DEBIAN-CVE-2026-31640
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
CVE-2026-31640 rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
CVE-2026-31640
CVE-2026-31640 affects the Linux kernel rxrpc component. The issue occurs in rxrpc_post_response() where the code compares the challenge serial number using the newer packet private data instead of the cached/older response, causing the comparison to always be false and potentially preventing the...
EUVD-2026-25533
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
CVE-2026-31640
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
PT-2026-34992
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc post response, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...
EUVD-2025-209528
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...
CVE-2025-65104 Firebird: Information leak vulnerability in firebird3 client when used with newer server
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...
BIT-PARSE-2026-39321 Parse Server has a login timing side-channel reveals user existence
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0 and 8.6.74, he login endpoint response time differs measurably depending on whether the submitted username or email exists in the database. When a user is not found, the server...
Unquoted Search Path or Element
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Unquoted Search Path or Element in the app.setLoginItemSettings function on Windows when the executable path is written to...
CVE-2025-67806
The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CLEANSTART-2026-SW07802 Security fixes for CVE-2025-61729 applied in versions: 1.1.0-r0
Security vulnerability affects the external-secrets package. This issue is resolved in later releases. See references for vulnerability details...
PT-2026-29543
The login mechanism of Sage DPW 2025 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2026-29111
A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...