Lucene search

8 matches found

OSV
added 2026/05/05 7:52 p.m., 5 views

GHSA-VH75-FWV3-PQRH requests-hardened is Vulnerable to Server-Side Request Forgery

The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...

6.5 CVSS, 5.9 AI score, 0.00305 EPSS
Exploits 0, References 6

SUSE Linux
added 2026/03/26 12:43 p.m., 7 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50453: gpiolib: cdev: fix NULL-pointer dereferences (bsc#1250887). CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue...

8.5 CVSS, 6.6 AI score, 0.0071 EPSS
Exploits 0, References 288

OSV
added 2025/09/15 7:3 p.m., 14 views

CLSA-2025-1757963029 kernel-uek: Fix of 194 CVEs

rds: tcp: block BH in TCP callbacks - kexec: Improve & fix crash_exclude_mem_range to handle overlapping ranges - module: correctly exit module_kallsyms_on_each_symbol when fn != 0 - module: potential uninitialized return in module_kallsyms_on_each_symbol - module: use RCU to synchronize find_module -...

9.8 CVSS, 7.2 AI score, 0.0187 EPSS
Exploits 12, References 1

Github Security Blog
added 2025/08/12 12:13 a.m., 3 views

Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

Details: There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACK_GLOBAL. Function _list_globals when handling STACK_GLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only considers the range from 1 to n-1 but forgets to...

7 AI score
Exploits 0, References 6, Affected Software 1

SUSE CVE
added 2024/05/21 1:58 a.m., 1 views

SUSE CVE-2024-35980

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand...

5.5 CVSS, 6.4 AI score, 0.00225 EPSS
Exploits 0, References 16

Vulnrichment
added 2024/02/14 11:9 a.m., 23 views

CVE-2024-23952 Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)

This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset...

6.5 CVSS, 6.1 AI score, 0.01699 EPSS
Exploits 0, References 3

OSV
added 2022/06/15 7:21 p.m., 3 views

CLSA-2022-1655320860 Fixed CVEs in vim: CVE-2022-1927, CVE-2022-1897

CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...

7.8 CVSS, 7.1 AI score, 0.01601 EPSS
Exploits 2, References 1

Tenable Nessus
added 2015/03/17 12:0 a.m., 69 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3014)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3014 advisory. - kvm: fix excessive pages un-pinning in kvm_iommu_map error path. Quentin Casasnovas Orabug: 20687314 CVE-2014-3601 CVE-2014-8369 CVE-2014-3601 -...

7.8 CVSS, 6.6 AI score, 0.05489 EPSS
Exploits 4, References 6