Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.30 fixes various security issues. The following security issues were fixed: CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1245778). CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow...
CVE-2025-66019 pypdf manipulated LZWDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...
SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP6) (SUSE-SU-2025:3970-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3970-1 advisory. This update for the Linux Kernel 6.4.0-150600.23.70 fixes one issue. The following security issue was fixed: - CVE-2025-38664: ice: Fix a null pointer...
pypdf possibly loops infinitely when reading DCT inline images without EOF marker
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider...
Fedora 42 : rust-az-cvm-vtpm / rust-az-snp-vtpm / rust-az-tdx-vtpm / etc (2025-2408b72979)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-2408b72979 advisory. Rebase trustee-guest-components to v0.13.0 Include rust-az-???-vtpm packages rebase to version 0.7.4 Adjust patches to work with 'sev' version 6...
SUSE-SU-2025:03217-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600.23.30 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). - CVE-2025-21999: proc: fix UAF in proc_get_inode (bsc#1242579). - CVE-2025-38001: net_sched: hfsc: Address...
SUSE CVE-2024-23638
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
DEBIAN-CVE-2024-23638
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
PT-2024-1098
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.28. Description: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered ...
Trend Micro Mobile Security vulnerable to cross-site scripting
Overview Trend Micro Incorporated has released a security update for Trend Micro Mobile Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A cross-site scripting attack may be conducted if a user who is logged in to the...
SUSE CVE-2022-29238
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...
CVE-2022-38463
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...
PT-2022-24418 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions through San Diego Patch 4b and Patch 6 Description: The issue allows reflected XSS in the logout functionality. This can potentially be exploited by attackers to execute malicious scripts on user systems. Recommendations:...
ServiceNow San Diego Patch Cross-Site Scripting Vulnerability
ServiceNow San Diego Patch is a series of patches from ServiceNow USA. A cross-site scripting vulnerability exists in ServiceNow San Diego Patch 4b and Patch 6 and prior versions, which stems from allowing XSS in the logout function...
GHSA-273R-MGR4-V34F Uncaught Exception in engine.io
Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo /.../node_modules/ws/lib/receiver.js:176:14 at Receiver.startLoop...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-14077)
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in the flashcanvas.swf file in versions of OpenEMR...
FreeBSD Code Execution Vulnerability
FreeBSD is a family of Unix-like free operating systems developed by the FreeBSD project, headed by the Core Team, and is an important branch of the Unix-like systems that evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD versions prior to 11.2-STABLE r341486 and prior ...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2018-24617)
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
IBM QRadar Resource Management Vulnerability
IBM QRadar is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A resource management...
DEBIAN-CVE-2017-6303
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."...