69 matches found
SUSE-SU-2025:03278-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: This...
Shares are not removed when user is limited to share with in their groups and being removed from one of them
None...
Incomplete sanitization of SVG files allows to embed other images into previews
None...
Authorization Bypass Through User-Controlled Key in Tables
None...
Mail app does not respect download permissions in shares
None...
Mail auto configurator sends account information to `autoconfig.tld` server when no auto-configuration is possible
None...
OAuth2 client secrets were stored in a recoverable way
None...
ID4me does not validate signature or expiration
None...
Code injection in Nextcloud Desktop Client for macOS
None...
Can access comments and attachments of deleted cards
None...
Notes app can be tricked into using a received share created before the user logged in
None...
Read-only users can restore old versions
None...
Open redirect in user_saml via RelayState parameter
None...
Improper handling of request URLs in Guests app allows guest users to bypass app allowlist
None...
OAuth2 authorization codes are valid indefinetly
None...
Self XSS when sending HTML as a comment in the Deck app
None...
Bruteforce protection can be bypassed with misconfigured proxy
None...
Calendar app returns full stacktrace when an error happens while editing appointment
None...
Users can make external storage mount points inaccessible for other users
None...
user_ldap app logs user passwords in the log file on level debug
None...