Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-45016: netem: fix return value if duplicate enqueue fails bsc1230998. CVE-2024-47684: tcp: check skb is non-NULL in tcprtodeltaus bsc1231993. Patch Instructions: To install...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30260 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II power9 with kernel 6.13: 12.028126 ==================================================================...

CVE-2022-36091

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like...

CVE-2022-24760

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

CVE-2020-15269

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory...

CVE-2024-41964

Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's...

CVE-2024-6203

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...

Important: kernel-livepatch-6.1.96-102.177

Issue Overview: kernel: virtio-net: tap: mlx5core short frame denial of service CVE-2024-41090 kernel: virtio-net: tun: mlx5core short frame denial of service CVE-2024-41091 Affected Packages: kernel-livepatch-6.1.96-102.177 Issue Correction: Please ensure you have live patching enabled. Run dnf...

Important: kernel-livepatch-6.1.96-102.177

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-6.1.96-102.177 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVE-2025-23114

Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program VDP for all Veeam products and perform extensive internal code audits. When a vulnerability is...

Security update for rsync

This update for rsync fixes the following issues: Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...

SUSE-SU-2025:0340-1 Security update for rsync

This update for rsync fixes the following issues: - Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities...

veneziaopera-tickets.eu Cross Site Scripting vulnerability OBB-4019143

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: CVE-2024-40921: net: bridge: mst: pass vlan group directly to brmstvlansetstate bsc1227784. CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in brmstsetstate bsc1227781...

GHSA-H78M-J95M-5356 Cilium has an information leakage via insecure default Hubble UI CORS header

Impact For users who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart, an insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure. A user with access to a Hubble UI instance affected by this issue could leak configuration details about...

PT-2025-2617 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: GRAU DATA Blocky versions prior to 3.1 Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in Blocky-Gui. An attacker with Windows administrative or debugging privileges can patch a binary in...

Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002325 fixes one issue. The following security issue was fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVE-2025-23209 Potential RCE with a compromised security key in craft/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...