30379 matches found

OSV
added 2025/08/28 7:18 p.m. | 4 views

CLSA-2025-1756408700 nodejs: Fix of CVE-2024-25629

CVE-2024-25629: prevent reading before buffer start when parsing config files containing an embedded NULL as the first character of a line by discarding such lines in ares__read_line...

CVSS 5.5 | AI score 6.8 | EPSS 0.00352
Exploits: 0 | References: 1
OSV
added 2025/08/28 3:8 p.m. | 3 views

CVE-2025-54995 Asterisk remotely exploitable leak of RTP UDP ports and internal resources

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions...

CVSS 6.5 | AI score 6.3 | EPSS 0.00449
Exploits: 1 | References: 8
Positive Technologies
added 2025/08/28 12:0 a.m. | 4 views

PT-2025-35122

Name of the Vulnerable Software and Affected Versions: Valtimo versions prior to 12.16.0; Valtimo versions 13.0.0 through 13.1.1. Description: Valtimo is a platform for Business Process Automation. Administrators with the ability to create, modify, and execute process definitions could gain access to...

CVSS 9.1 | AI score 6.2 | EPSS 0.00378
Exploits: 0 | References: 10
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-39534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00893
Exploits: 0 | References: 2
Github Security Blog
added 2025/08/25 8:42 p.m. | 12 views

Craft CMS Potential Remote Code Execution via Twig SSTI

Note that users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-productio...

CVSS 8.6 | AI score 6.6 | EPSS 0.00805
Exploits: 0 | References: 6 | Affected Software: 1
SUSE Linux
added 2025/08/25 12:45 p.m. | 2 views

Security update for kernel-livepatch-MICRO-6-0-RT_Update_7

This update for kernel-livepatch-MICRO-6-0-RT_Update_7 fixes the following issues: CVE-2025-37752: net_sched: sch_sfq: move the limit validation bsc1245776 CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling bsc1245793 CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when...

CVSS 7.8 | AI score 7.8 | EPSS 0.00256
Exploits: 0 | References: 12
AlpineLinux
added 2025/08/24 4:2 p.m. | 4 views

CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVSS 5.5 | AI score 5.5 | EPSS 0.0019
Exploits: 1 | References: 7
OSV
added 2025/08/22 4:50 p.m. | 3 views

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

CVSS 5.3 | AI score 6.7 | EPSS 0.0035
Exploits: 0 | References: 8
SUSE CVE
added 2025/08/21 11:23 p.m. | 3 views

SUSE CVE-2025-9301

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may b...

CVSS 3.3 | AI score 4 | EPSS 0.00135
Exploits: 0 | References: 7
SUSE Linux
added 2025/08/21 8:20 a.m. | 4 views

Security update for net-tools

This update for net-tools fixes the following issues: Provide more readable error for interface name size checking bsc1243581 Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836 Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.6 | AI score 7.3 | EPSS 0.00157
Exploits: 0 | References: 6
OSV
added 2025/08/19 5:15 p.m. | 4 views

AZL-66443 CVE-2025-38602 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer...

CVSS 5.5 | AI score 5.6 | EPSS 0.00148
Exploits: 0 | References: 1
Debian CVE
added 2025/08/19 5:3 p.m. | 3 views

CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVSS 5.5 | AI score 5.3 | EPSS 0.00146
Exploits: 0
Debian CVE
added 2025/08/19 5:2 p.m. | 8 views

CVE-2025-38561

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen. There is no need to free sess->Preauh_HashValue at session setup phase. It can be freed...

CVSS 8.5 | AI score 5.4 | EPSS 0.00391
Exploits: 1
SUSE Linux
added 2025/08/19 12:52 p.m. | 3 views

Security update for docker

This update for docker fixes the following issues: Update to Docker 28.3.3-ce. CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. bsc1247367 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

CVSS 5.2 | AI score 6.8 | EPSS 0.00201
Exploits: 0 | References: 6
SUSE CVE
added 2025/08/16 11:23 p.m. | 2 views

SUSE CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

CVSS 6.5 | AI score 7.4 | EPSS 0.00147
Exploits: 0 | References: 21
Debian CVE
added 2025/08/16 1:27 p.m. | 14 views

CVE-2023-3865

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2_write ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in...

CVSS 7.1 | AI score 5.8 | EPSS 0.00514
Exploits: 0
OSV
added 2025/08/16 11:15 a.m. | 2 views

DEBIAN-CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

CVSS 7.8 | AI score 6.2 | EPSS 0.00147
Exploits: 0 | References: 1
OSV
added 2025/08/16 11:12 a.m. | 3 views

CVE-2025-38528 bpf: Reject %p% format string in bprintf-like helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVSS 5.5 | AI score 7 | EPSS 0.00146
Exploits: 0 | References: 10
CVE
added 2025/08/16 10:54 a.m. | 46 views

CVE-2025-38512

Intel/summary (CVE-2025-38512) The Linux kernel patch for wifi A-MSDU spoofing in mesh networks fixes a vulnerability where an A‑MSDU could be incorrectly parsed as a standard MSDU. The mitigation detects this by parsing a received A‑MSDU as MSDU, computing the Mesh Control header length, and ver...

CVSS 7.8 | AI score 6.8 | EPSS 0.00147
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/08/16 6:15 a.m. | 3 views

AZL-66416 CVE-2025-38501 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated...

CVSS 7.5 | AI score 5.6 | EPSS 0.02113
Exploits: 1 | References: 1