11228 matches found
ALSA-2025:7417 Important: gimp security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...
PT-2025-20587 · Undefined · Undefined
CVE-2024-37009 is a critical RCE flaw in SAP NetWeaver AS Java, now being exploited by a Chinese threat group. The vulnerability allows unauthenticated attackers to fully compromise systems via the LM Configuration Wizard. SAP has issued a patch. Update immediately. SAP https://t.co/wk3OSxRmbZ...
ruby:3.0 security update
An update is available for module.rubygem-pg, rubygem-abrt, rubygem-pg, module.ruby, module.rubygem-abrt, ruby, rubygem-mysql2, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2025-46566
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...
[SECURITY] [DLA 4149-1] nagvis security update
Debian LTS Advisory DLA-4149-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert May 01, 2025 https://wiki.debian.org/LTS Package : nagvis Version : 1:1.9.25-2+deb11u1 CVE ID : CVE-2021-33178 CVE-2022-3979 CVE-2022-46945 CVE-2023-46287 CVE-2024-13722 CVE-2024-13723...
Security update for kernel-livepatch-MICRO-6-0_Update_3
This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...
Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...
Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...
CVE-2025-32966
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8...
Sonos Speakers S1 App < 11.15.1, S2 App < 16.6 Multiple RCE Vulnerabilities (SSA-2024-0002)
Sonos speakers are prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
PT-2025-17845
Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions prior to September 2025 Description A critical remote code execution issue exists in the SAP NetWeaver Development Server, specifically within the Visual Composer tool's Metadata Uploader function. The flaw is caused by...
ruby:3.1 security update
ruby 3.1.7-145 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55408 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-57051 - Fix DoS vulnerability in REXML. CVE-2024-43398 Resolves: RHEL-56002 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 3.1.5-143 - Upgra...
Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…...
PT-2025-16332
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...
Microsoft Edge (Chromium-Based) RCE Vulnerability (Apr 2025)
Microsoft Edge Chromium-Based is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Metasploit Weekly Wrap-Up 04/11/2025
Spring Exploits This weekly release of Metasploit Framework includes new RCE exploit modules for several vulnerable applications: Appsmith, a low-code application platform which contains a misconfiguration on PostgreSQL CVE-2024-55964; Pandora FMS, a monitoring solution, where, once gained access...
April Microsoft Patch Tuesday
April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild: EoP - Windows Common Log File System Driver CVE-2025-29824. An attacker can gain SYST...
RHEL 9 : tomcat (RHSA-2025:3645)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3645 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: RCE due to TOCTOU...
tomcat security update
1:9.0.87-1.el810.3 - Resolves: RHEL-82934 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813 - Resolves: RHEL-71708 tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379...
AlmaLinux 9 : tomcat (ALSA-2025:3645)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:3645 advisory. tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption with...