44 matches found

OSV
added 4 days ago · 4 views

SUSE-SU-2026:21957-1 Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.28.1 fixes various security issues. The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit bsc1265224. ...

CVSS 7.8 · AI score 6.1 · EPSS 0.00254
Exploits 12 · References 7

OSV
added 2026/01/29 10:37 a.m. · 1 view

SUSE-SU-2026:20272-1 Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-29.1 fixes one security issue. The following security issue was fixed: - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size bsc1249241. The following non security issue was fixed: - fix addr_bit_set issue on big-endian machines bsc12569...

CVSS 5.5 · AI score 5.8 · EPSS 0.00022
Exploits 0 · References 4

RedhatCVE
added 2026/01/09 9:59 a.m. · 9 views

CVE-2020-7796

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...

CVSS 9.8 · AI score 7 · EPSS 0.92692
Exploits 0 · References 1

OSV
added 2024/07/12 3:3 p.m. · 19 views

SUSE-SU-2024:2437-1 Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005536 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unix_gc bsc1223683. - CVE-2024-26930: Fixed double free of the ha->vp_map pointer bsc1223681. - CVE-2024-26828: Fix...

CVSS 7.8 · AI score 6.9 · EPSS 0.00135
Exploits 0 · References 9

Tenable Nessus
added 2024/03/29 12:0 a.m. · 30 views

SUSE SLES15 Security Update : kernel (Live Patch 7 for SLE 15 SP5) (SUSE-SU-2024:1040-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1040-1 advisory. - bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition...

CVSS 7 · AI score 6.6 · EPSS 0.00126
Exploits 0 · References 8

OpenVAS
added 2024/03/04 12:0 a.m. · 24 views

openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5) (SUSE-SU-2023:4781-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 8.6 · EPSS 0.00036
Exploits 0 · References 2

Vulnrichment
added 2024/01/10 3:59 p.m. · 2 views

CVE-2023-41056 Redis vulnerable to integer overflow in certain payloads

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...

CVSS 8.1 · AI score 8.4 · EPSS 0.07323
Exploits 0 · References 6

Tenable Nessus
added 2023/12/14 12:0 a.m. · 24 views

SUSE SLES15 Security Update : kernel RT (Live Patch 7 for SLE 15 SP5) (SUSE-SU-2023:4781-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4781-1 advisory. - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When...

CVSS 7.8 · AI score 7.1 · EPSS 0.00036
Exploits 0 · References 4

NVD
added 2023/08/29 11:15 p.m. · 17 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVSS 9.9 · AI score 9.3 · EPSS 0.92414
Exploits 0 · References 3

Tenable Nessus
added 2023/08/01 12:0 a.m. · 26 views

SUSE SLES15 Security Update : kernel RT (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2023:3041-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3041-1 advisory. - An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower...

CVSS 7.8 · AI score 6.9 · EPSS 0.00009
Exploits 1 · References 4

Positive Technologies
added 2023/06/13 12:0 a.m. · 2 views

PT-2023-14286 · Servicenow · Servicenow

Name of the Vulnerable Software and Affected Versions: ServiceNow versions Quebec prior to Patch 10 Hot Fix 8b ServiceNow versions Rome prior to Patch 10 Hot Fix 1 ServiceNow versions San Diego prior to Patch 7 ServiceNow versions Tokyo prior to Tokyo Patch 1 ServiceNow versions Utah prior to Uta...

CVSS 9.9 · AI score 6.2 · EPSS 0.00216
Exploits 0 · References 12

Tenable Nessus
added 2023/06/08 12:0 a.m. · 19 views

SUSE SLES15 Security Update : kernel RT (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2023:2367-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2367-1 advisory. - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of...

CVSS 5.5 · AI score 6.6 · EPSS 0.00044
Exploits 0 · References 4

Tenable Nessus
added 2022/08/11 12:0 a.m. · 108 views

SUSE SLES15 Security Update : kernel (Live Patch 7 for SLE 15 SP3) (SUSE-SU-2022:2766-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2766-1 advisory. - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the...

CVSS 7.8 · AI score 7 · EPSS 0.32891
Exploits 18 · References 19

IBM Security Bulletins
added 2021/05/14 6:45 p.m. · 29 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2020-15801)

Summary: Security Vulnerabilities affect IBM Cloud Pak for Data - Python CVE-2020-15801. Vulnerability Details: CVEID: CVE-2020-15801 DESCRIPTION: Python could allow a local attacker to execute arbitrary code on the system, caused by an issue with sys.path restrictions specified in a python38._pth fi...

CVSS 9.8 · AI score 2.1 · EPSS 0.00617
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2021/05/04 5:44 p.m. · 26 views

Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal (CVE-2020-4993)

Summary IBM QRadar SIEM is vulnerable to path traversal attack. Vulnerability Details CVEID: CVE-2020-4993 DESCRIPTION: IBM QRadar SIEM when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. CVSS Base score: 4.9 CVSS Tempor...

CVSS 4.9 · AI score 1 · EPSS 0.00284
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2021/05/04 5:43 p.m. · 15 views

Security Bulletin: IBM QRadar SIEM is vulnerable to insecure inter-deployment communication (CVE-2020-4979)

Summary: IBM QRadar SIEM is vulnerable to insecure inter-deployment communication. Vulnerability Details: CVEID: CVE-2020-4979 DESCRIPTION: IBM QRadar SIEM is vulnerable to insecure inter-deployment communication. An attacker that is able to compromise or spoof traffic between hosts may be able to...

CVSS 9.8 · AI score 1.6 · EPSS 0.00575
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2021/05/04 5:42 p.m. · 21 views

Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2021-20401, CVE-2020-4932)

Summary IBM QRadar SIEM contains hard-coded credentials Vulnerability Details CVEID: CVE-2020-4932 DESCRIPTION: IBM QRadar contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or...

CVSS 7.8 · AI score 1.3 · EPSS 0.00028
Exploits 0 · Affected Software 1

Prion
added 2021/04/23 9:15 p.m. · 14 views

Xxe

An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7...

CVSS 4 · AI score 6.3 · EPSS 0.00242
Exploits 0 · References 1 · Affected Software 1

CVE
added 2021/01/28 12:55 p.m. · 77 views

CVE-2020-4888

IBM QRadar SIEM is vulnerable to deserialization of untrusted data (CVE-2020-4888). Affected versions are QRadar SIEM 7.4.0–7.4.2 Patch 1 and 7.3.0–7.3.3 Patch 7. The issue arises from insecure Java deserialization of user-supplied content, enabling a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 8.8 · EPSS 0.40542
Exploits 0 · References 2 · Affected Software 1

IBM Security Bulletins
added 2021/01/28 7:13 a.m. · 24 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787)

Summary: IBM QRadar SIEM is vulnerable to Server Side Request Forgery. Vulnerability Details: CVEID: CVE-2020-4787 DESCRIPTION: IBM QRadar is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...

CVSS 4.2 · AI score 0.9 · EPSS 0.0004
Exploits 0 · Affected Software 1