CVE-2022-49304 drivers: tty: serial: Fix deadlock in sa1100_set_termios()
In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios(). There is a deadlock in sa1100_set_termios(), which is shown below: (Thread 1) | (Thread 2) | sa1100_enable_ms() sa1100_set_termios() | mod_timer() spin_lock_irqsave() //(1) | (wait a time) ... |...
PT-2025-26483
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions 7.0.0 through 10.0.0. Description: The issue allows a specially crafted request or proxy to bypass the design of DNN Login IP Filters, enabling login attempts from IP addresses not in the allow list. This has...
PT-2025-7539 · Dell · Dell Recoverpoint For Virtual Machines
Name of the Vulnerable Software and Affected Versions: Dell Recover Point for Virtual Machines version 6.0.X Description: The issue is related to weak file system permissions. A low-privileged local attacker could potentially exploit this, impacting only non-sensitive resources in the system...
PT-2025-7324 · WordPress · Ultraembed – Advanced Iframe Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included versions up to, and including, 1.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode due to insufficient...
Advisory ROSA-SA-2025-2690
Software: zabbix 6.0.12; OS: ROSA Virtualization 3.0; package_evr_string: zabbix-6.0.12-1.0.1; CVE-ID: CVE-2023-32724; BDU-ID: 2024-06936; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper assignment of permissions for a critical resource...
Fyrox has unsound usages of `Vec::from_raw_parts`
The library provides a public safe API, `transmute_vec_as_bytes`, which incorrectly assumes that any generic type T has a stable layout. This leads to uninitialized memory exposure if users pass a type with padding bytes as T and it is cast to a u8 pointer. In the issue, we develop a PoC to show...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse (bsc#1236705). Other fixes: Update to version 3.11.11. Remove -IVendor/ from python-config (bsc#1231795). Patch Instructions: To install this SUSE...
Security update for SUSE Manager Client Tools MU 5.0.3
This update fixes the following issues: spacecmd was updated to version 5.0.11-0: Updated translation strings. uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: Security issues fixed: CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497). Other changes and bugs...
SUSE: Security Advisory (SUSE-SU-2025:0388-1)
The remote host is missing an update for the...
PT-2025-5913 · Nirmal Kumar Ram · Wp Social Stream
Name of the Vulnerable Software and Affected Versions: WP Social Stream versions 1.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Nirmal Kumar Ram WP Social Stream. Recommendations: For WP Social Stream versions 1.1 and earlier,...
Medium: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...
Security update for patch
This update for patch fixes the following issues: CVE-2019-20633: Fix double-free/OOB read in pch.c (bsc#1167721). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for...
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059164 fixes several issues. The following security issues were fixed: CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324). CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712). CVE-2022-48956: ipv6...
Oracle Critical Patch Update, January 2025 Security Update Review
Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, includin...
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that...
CVE-2024-57933
CVE-2024-57933 (Linux kernel, GVE/XDP/XSK): The issue arises from races around XSK/XDP queue existence. The patch adds guards to XSK operations and XDP xmit/NDO paths based on queue existence and interface state, preventing crashes when interfaces go down or queues disappear during operation. It...
PT-2025-1257 · Oracle · Oracle Agile Plm Framework
Name of the Vulnerable Software and Affected Versions: Oracle Agile PLM Framework version 9.3.6 Description: The issue is related to insufficient input validation in the Agile Integration Services component, allowing a low-privileged attacker with network access via HTTP to compromise the Oracle...
Azul Zulu Java Vulnerability (2025-01-21)
The version of Azul Zulu installed on the remote host is 11 prior to 11.77.14 / 17 prior to 17.55.14 / 21 prior to 21.39.14 / 23 prior to 23.32.12. It is, therefore, affected by a vulnerability as referenced in the 2025-01-21 advisory. Note that Nessus has not tested for this issue but has instea...
Oracle Critical Patch Update Advisory - January 2025
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
Fedora 40 : stb (2025-49e8952aab)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-49e8952aab advisory. Add another patch for the root cause of CVE-2021-45340. We already have a patch for CVE-2021-45340, but adding this new patch may prevent a related, unproven...