Unity Linux 20.1070a Security Update: open-vm-tools (UTSA-2026-007257)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007257 advisory. VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigge...
Security update for 389-ds (important)
openSUSE security update: security update for 389-ds. Announcement ID: openSUSE-SU-2026:20415-1. Rating: important. References: bsc1258727. Cross-References: CVE-2025-14905. CVSS scores: CVE-2025-14905 SUSE : 7.2...
SUSE-SU-2026:0696-1 Security update for the Linux Kernel (Live Patch 65 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise kernel 4.12.14-122.247 fixes various security issues. The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc1255577). - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag bsc1255845...
CVE-2026-27849
The CVE-2026-27849 vulnerability affects MR9600 (versions 1.0.4.205530) and MX4200 (version 1.0.13.210200). It arises from missing neutralization of special elements in the update functionality of a TLS-SRP connection used for configuring devices in the mesh network, enabling potential OS command...
EUVD-2024-27566
Malicious code in bioql PyPI...
PT-2025-20032 · Unknown · Boinc Server
Name of the Vulnerable Software and Affected Versions: BOINC Server versions through 1.4.7. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in BOINC Server. Recommendations: For...
CVE-2025-2605
CVE-2025-2605 is an OS command injection vulnerability in Honeywell MB-Secure and MB-Secure PRO. The issue arises from improper neutralization of special elements used in OS commands, enabling privilege abuse. Affected products and versions: MB-Secure from V11.04 before V12.53; MB-Secure PRO from...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46755)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46755 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv...
CVE-2024-2617
A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-636)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-636 advisory. An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latestreleases.html DEBIANBUG:...
CGA-RWPV-XHV7-MWWW
Bulletin has no description...
CVE-2024-2617
CVE-2024-2617 affects Hitachi Energy RTU500 series (RTU500 web server component). The vulnerability lets authenticated users bypass secure update and install unsigned firmware on RTU500. Reported impact is high (CVSS3.1: 7.2) with network attack vector, low complexity, high privileges required, a...
PT-2024-21304
Name of the Vulnerable Software and Affected Versions: RTU500 (affected versions not specified). Description: A vulnerability exists in the RTU500 that allows authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to...
Medium: python38
Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...
CVE-2023-31190
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which t...
PT-2023-33696 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue concerns the devlink dump not being properly protected by the instance lock. This could potentially lead to security vulnerabilities, although the actual impact and attack...