openSUSE 16 Security Update : keylime (openSUSE-SU-2025:20159-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20159-1 advisory. Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing the registratio...
Security update for keylime (critical)
openSUSE security update: security update for keylime. Announcement ID: openSUSE-SU-2025-20159-1; Rating: critical; References: bsc1237153 bsc1254199; Cross-References: CVE-2025-1057 CVE-2025-13609; CVSS scores: CVE-2025-13609 SUSE : 9...
OPENSUSE-SU-2025:20159-1 Security update for keylime
This update for keylime fixes the following issues: Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate UUIDs bsc1254199. - CVE-2025-1057: registrar denial-of-service due to...
SUSE-SU-2025:21194-1 Security update for keylime
This update for keylime fixes the following issues: Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate UUIDs bsc1254199. - CVE-2025-1057: registrar denial-of-service due to...
CVE-2025-62869
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net - Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net - Web Push Notifications: from n/a through...
EUVD-2025-202015
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net Web Push Notifications: from n/a through =...
CVE-2025-62869
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net – Web Push Notifications: from n/a through...
CVE-2025-62869
CVE-2025-62869 affects the WordPress plugin Gravitec.net – Web Push Notifications (versions
CVE-2025-62869 WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net – Web Push Notifications: from n/a through...
PT-2025-50014
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net Web Push Notifications: from n/a through =...
EUVD-2023-60070
In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmel_qspi_remove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...
GHSA-5MH9-3JWC-RP59 vulnerabilities
Vulnerabilities for packages: gatekeeper, s5cmd, harbor-scanner-trivy, tempo, portieris, rancher-helm, oauth2-proxy, rootlesskit, prometheus-operator, kubelet-csr-approver, newrelic-nri-kube-events, regclient, terraform-provider-azuread, kpt, grafana, spire-controller-manager, metrics-agent,...
CVE-2025-61727 vulnerabilities
Vulnerabilities for packages: gatekeeper, s5cmd, harbor-scanner-trivy, tempo, portieris, rancher-helm, oauth2-proxy, rootlesskit, prometheus-operator, kubelet-csr-approver, newrelic-nri-kube-events, regclient, terraform-provider-azuread, kpt, grafana, spire-controller-manager, metrics-agent,...
GHSA-5MH9-3JWC-RP59 vulnerabilities
Vulnerabilities for packages: kube-bench, custom-pod-autoscaler-fips, opa, terraform-provider-azuread, rabbitmq-messaging-topology-operator, prometheus-beat-exporter-fips, snyk-cli, flux-kustomize-controller-fips, velero-plugin-for-aws-fips, karma-fips, gatekeeper-fips, ko-fips,...
WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Gravitec.net Web Push Notifications versions <= 2.9.17...
CVE-2025-20383
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...
PT-2026-2517
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the Open vSwitch component related to insufficient validation of attributes in the push nsh action. Specifically, the code does not adequately...
CVE-2025-20383
CVE-2025-20383 affects Splunk Enterprise (below 10.0.2 and older 9.x branches) and the Splunk Secure Gateway app (below 3.7.28/3.8.58/3.9.10) in Splunk Cloud Platform. A low-privilege user with mobile push notifications enabled can see the title and description of reports/alerts they are not auth...