Security update for perl-Authen-SASL, perl-Crypt-URandom

This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: CVE-2025-40918: Fixed insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Included 0.540.0 for use by perl-Authen-SASL in SLE-15 jscPED-13306 / bsc1246623. Patch...

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2025...

Vulnerabilities fixed in Citrix NetScaler ADC and Gateway

Citrix has fixed vulnerabilities in the NetScaler ADC and Gateway The vulnerabilities are related to memory overflow and improper access control configurations. Malicious parties can exploit the vulnerabilities to cause a Denial-of-Service and potentially execute arbitrary code on the vulnerable...

Solaris 10 (i386): 122260-12

SunOS 5.10: SunOS 5.10x86: SunFreeware GNU ESP Ghostscript Patch. Date this patch was last updated by Sun : Oct/07/24 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255270;...

TencentOS Server 4: firefox (TSSA-2025:0616)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0616 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:02871-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02871-1 advisory. This update for the Linux Kernel 6.4.0-1506001039 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core:...

SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP7) (SUSE-SU-2025:02873-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02873-1 advisory. This update for the Linux Kernel 6.4.0-15070073 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: d...

SUSE-SU-2025:02876-1 Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005591 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350. - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID bsc1247351....

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...

SUSE SLES15 Security Update : kernel (Live Patch 58 for SLE 15 SP3) (SUSE-SU-2025:02832-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02832-1 advisory. This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...

SUSE SLES12 Security Update : kernel (Live Patch 58 for SLE 12 SP5) (SUSE-SU-2025:02827-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02827-1 advisory. This update for the Linux Kernel 4.12.14-122222 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: d...

Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024158 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350. CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID bsc1247351...

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

ROOT-OS-DEBIAN-12-CVE-2024-56378 CVE-2024-56378 in rootio-poppler - Patched by Root

Root has patched CVE-2024-56378 in the rootio-poppler package for Root:Debian:12. Multiple fixed versions available...

Fedora 42 : xen (2025-ddaa63a0f5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ddaa63a0f5 advisory. update to xen-4.19.3 includes patches for x86: Incorrect stubs exception handling for flags recovery XSA-470, CVE-2025-27465 x86: Transitive Schedul...

CVE-2025-8549

The CVE-2025-8549 entry concerns atjiu pybbs up to version 6.0.0. The vulnerable component is the update function in src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java, where manipulation leads to weak password requirements. The issue is remotely exploitable with high attack co...

Advisory ROSA-SA-2025-2920

software: freerdp 2.11.7 OS: ROSA-CHROME unaffected versions = freerdp-2.11.7-7 affected versions freerdp-2.11.7-7 CVE-ID: CVE-2024-32661 BDU-ID: 2024-03394 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the FreeRDP RDP client is related to null pointer dereferencing. Exploitation of the...

SUSE-SU-2025:02601-1 Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close bsc1235250. - CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability in class handling bsc1245793. -...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2025 Critical Patch Update. For more information please refer to Oracle's July 2025 CPU Advisory and the CVE links referenced below. Vulnerability Details...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...