2197 matches found
[SECURITY] [DLA 4400-1] rear security update
Debian LTS Advisory DLA-4400-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 10, 2025 https://wiki.debian.org/LTS Package : rear Version : 2.6+dfsg-1+deb11u1 CVE ID : CVE-2024-23301 Debian Bug : 1060747 It has been discovered that Relax-and-Recover aka...
Debian dla-4400 : rear - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4400 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4400-1 [email protected] https://www.debian.org/lts/security/...
SUSE CVE-2025-13947
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser...
CVE-2025-66312
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...
EUVD-2025-200098
Grav Admin Plugin is vulnerable to Cross-Site Scripting XSS Stored endpoint /admin/accounts/groups/group parameter datareadableName...
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the datareadableName parameter. The injected scripts are stored on the server and...
CVE-2025-66312 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...
CVE-2025-66312 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...
CVE-2025-66312
The CVE-2025-66312 pertains to Grav Admin Plugin, where a Stored XSS vulnerability existed in the /admin/accounts/groups/Grupo endpoint via the data[readableName] field. The issue allowed injected scripts to be stored on the server and executed when affected pages load. It affects Grav’s admin in...
Security update for gitea-tea (moderate)
openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0453-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP6 An update that contains security fixes can now be installed. Description: This update for gitea-tea fixes the following...
OPENSUSE-SU-2025:20100-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots bsc1253703 - CVE-2025-12748: Fixed Denial of service in XML parsing bsc1253278 Other fixes: - spec: Adjust dbus dependency bsc1253642 - qemu: Add support for Intel TD...
Libvirt: information disclosure via world-readable vm snapshots
...
CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
Linux Distros Unpatched Vulnerability : CVE-2025-64996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing a...
EUVD-2025-198049
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
UBUNTU-CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
CVE-2025-64996 Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
CVE-2025-64996
Checkmk vulnerable component: mk_inotify plugin. Affected in versions before 2.4.0p16, 2.3.0p41, and all 2.2.0 and older. The plugin creates world-readable/writable files, allowing any local user to read its output and modify it, potentially leading to unauthorized access to or modification of mo...
CVE-2025-64996 Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...