1962 matches found

Positive Technologies
added 2025/01/16 12:0 a.m. · 12 views

PT-2025-2692

Name of the Vulnerable Software and Affected Versions: Google Go versions up to 1.22.10/1.23.4 Description: A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not...

CVSS 10 · AI score 7.7 · EPSS 0.0268
Exploits: 9 · References: 284

Vulnrichment
added 2025/01/14 6:3 p.m. · 10 views

CVE-2025-21171 .NET Remote Code Execution Vulnerability

...

CVSS 7.5 · AI score 7.5 · EPSS 0.01637
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 3 views

PT-2025-3553 · Jeewms · Jeewms

Name of the Vulnerable Software and Affected Versions: JeeWMS versions prior to 2025.01.01 Description: The issue is related to a permission bypass in the component /interceptors/AuthInterceptor.cava. This component is part of the JeeWMS system, and the bypass could potentially allow unauthorized...

CVSS 7.5 · AI score 6.8 · EPSS 0.00392
Exploits: 1 · References: 5

Ivanti
added 2025/01/13 9:46 p.m. · 21 views

Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6

Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...

CVSS 9.8 · AI score 9.7 · EPSS 0.99762
Exploits: 4

OSV
added 2025/01/11 12:25 p.m. · 6 views

CVE-2024-47809 dlm: fix possible lkb_resource null dereference

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock as lkb->lkb_resource is not assigned yet, only after validate_lock_args by calling...

CVSS 5.5 · AI score 6.1 · EPSS 0.00217
Exploits: 0 · References: 7

Positive Technologies
added 2025/01/08 12:0 a.m. · 2 views

PT-2025-1073

Name of the Vulnerable Software and Affected Versions: Junos OS SRX Series versions prior to 21.4R3-S8; Junos OS SRX Series versions 22.2 through 22.2R3-S5; Junos OS SRX Series versions 22.3 through 22.3R3-S3; Junos OS SRX Series versions 22.4 through 22.4R3-S2; Junos OS SRX Series versions 23.2 throu...

CVSS 6.8 · AI score 5.9 · EPSS 0.00166
Exploits: 0 · References: 7

OSV
added 2025/01/07 3:25 p.m. · 10 views

GHSA-R5VF-WF4H-82GG matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

Impact: Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches: matrix-sdk-crypto...

CVSS 4.3 · AI score 4.5 · EPSS 0.0046
Exploits: 0 · References: 5

NVD
added 2024/12/27 3:15 p.m. · 11 views

CVE-2024-56657

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

CVSS 5.5 · EPSS 0.00213
Exploits: 0 · References: 5

CVE
added 2024/12/27 3:6 p.m. · 106 views

CVE-2024-56657

CVE-2024-56657 relates to the Linux kernel ALSA: control path where WARN() was used for symlink creation errors. The fix downgrades these warnings to dev_err() and adds the function name to the prefix to reduce confusion (notably for fuzzers). This is a patch-level remediation described in Azure ...

CVSS 5.5 · AI score 6.5 · EPSS 0.00213
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/12/18 12:0 a.m. · 4 views

PT-2024-14027 · Ibm · Ibm Storage Defender - Resiliency Service

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.9 Description: The issue could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. Recommendations: For...

CVSS 4.9 · AI score 6.4 · EPSS 0.00345
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/16 12:0 a.m. · 4 views

PT-2024-9739

Name of the Vulnerable Software and Affected Versions: GFI Kerio Control versions 9.2.5 through 9.4.5 Description: An issue was discovered in GFI Kerio Control where the dest GET parameter passed to the "/nonauth/addCertException.cs", "/nonauth/guestConfirm.cs", and "/nonauth/expiration.cs" pages...

CVSS 9 · AI score 9.2 · EPSS 0.27297
Exploits: 1 · References: 85

Positive Technologies
added 2024/12/14 12:0 a.m. · 3 views

PT-2024-17232 · WordPress · Eveeno

Name of the Vulnerable Software and Affected Versions: Eveeno plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 6.1 · EPSS 0.00331
Exploits: 0 · References: 10

Cvelist
added 2024/12/11 10:41 p.m. · 26 views

CVE-2024-55652 PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters

PwnDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVSS 6.5 · EPSS 0.00663
Exploits: 0 · References: 3

SUSE Linux
added 2024/12/11 8:30 a.m. · 1 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856). Other fixes: Updated to 20.18.1: Experimental Network Inspection Support in Node.js; Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext; New...

CVSS 5.6 · AI score 6.6 · EPSS 0.00873
Exploits: 0 · References: 4

SUSE Linux
added 2024/12/06 3:4 p.m. · 3 views

Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122216 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273). CVE-2024-35863: Fixed potential UA...

CVSS 7.8 · AI score 7.8 · EPSS 0.01166
Exploits: 2 · References: 68

Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-9183 · Abb · Abb Aspect +2

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02; NEXUS Series version 3.08.02; MATRIX Series version 3.08.02 Description: Information Disclosure vulnerabilities allow access to application configuration information. The issue is related to errors in...

CVSS 8.8 · AI score 7.5 · EPSS 0.00334
Exploits: 2 · References: 9

SUSE Linux
added 2024/12/02 7:50 p.m. · 0 views

Security update for python3-virtualenv

This update for python3-virtualenv fixes the following issues: Security issue fixed: CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706). Non-security issue fixed: Relax version requirements that cannot be provided (bsc#1232072). Patch Instructions: To install this SUSE...

CVSS 7.8 · AI score 8.7 · EPSS 0.01557
Exploits: 1 · References: 6

Positive Technologies
added 2024/11/28 12:0 a.m. · 4 views

PT-2024-16745 · Tumult · Tumult Hype Animations

Name of the Vulnerable Software and Affected Versions: Tumult Hype Animations plugin for WordPress versions up to, and including, 1.9.15 Description: The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations...

CVSS 9.9 · AI score 8.1 · EPSS 0.01163
Exploits: 0 · References: 12

Positive Technologies
added 2024/11/24 12:0 a.m. · 2 views

PT-2024-17154 · Unknown · 1000 Projects Beauty Parlour Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System version 1.0 Description: A critical vulnerability was found in the 1000 Projects Beauty Parlour Management System. The issue affects an unknown functionality of the file /admin/edit-services.php...

CVSS 9.8 · AI score 8 · EPSS 0.00765
Exploits: 1 · References: 11

Positive Technologies
added 2024/11/18 12:0 a.m. · 6 views

PT-2024-8684 · Trend Micro · Trend Micro Deep Security Agent

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: A security agent manual scan command injection issue in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected...

CVSS 8 · AI score 9.2 · EPSS 0.04032
Exploits: 0 · References: 13