13 matches found
SUSE-SU-2026:0907-1 Security update for kea
This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Insecure file permissio...
CVE-2025-58149
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...
ALPINE-CVE-2025-58149
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...
EUVD-2021-26015
Malware in sbrugna...
EUVD-2020-29027
Malware in sbrugna...
EUVD-2022-44205
Malicious code in bioql PyPI...
RHEL 8 : firefox (RHSA-2024:8724)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:8724 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Mozilla Firefox ESR < 128.4
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-56 advisory. - Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs...
CVE-2023-47858 Details of archived public channels are leaked to members of another team
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted endpoint...
SUSE CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40959
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Privilege Escalation
io.quarkus.resteasy.reactive:resteasy-reactive-vertx is vulnerable to privilege escalation. A low-privileged attacker is able to perform unauthorized operations on the database due to a permissions leak on web requests, which allows the attacker to elevate privileges...
[BUGZILLA] Security Advisory
Bugzilla Security Advisory October 1st, 2002 All Bugzilla installations are advised to upgrade to the latest versions of Bugzilla, 2.14.4 and 2.16.1, both released today. Security issues of varying importance have been fixed in both. These vulnerabilities affect all previous 2.14 and 2.16 release...