Lucene search

30381 matches found

CBLMariner
added 2025/07/25 3:8 p.m. | 4 views

CVE-2025-6395 affecting package gnutls for versions less than 3.7.11-4

CVE-2025-6395 affecting package gnutls for versions less than 3.7.11-4. A patched version of the package is available...

CVSS 6.5 | AI score 7.3 | EPSS 0.00619
Exploits: 0
CVE
added 2025/07/25 2:16 p.m. | 78 views

CVE-2025-38430

CVE-2025-38430 affects the Linux kernel NFS server (nfsd). The issue arises when processing NFSv4 compound requests; if the request is not NFSPROC4_COMPOUND, examining cstate may yield undefined results. A patch adds a guard to verify that the RPC procedure being executed is NFSPROC4_COMPOUND, pr...

CVSS 5.5 | AI score 6.4 | EPSS 0.00164
Exploits: 0 | References: 11 | Affected Software: 1
NVD
added 2025/07/25 1:15 p.m. | 5 views

CVE-2025-38372

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling. __xa_store() and __xa_erase() were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xa_store() and xa_erase()...

CVSS 5.5 | EPSS 0.00139
Exploits: 0 | References: 3
NVD
added 2025/07/25 1:15 p.m. | 3 views

CVE-2025-38361

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it. [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. cherry picked from commit...

CVSS 7.8 | EPSS 0.00183
Exploits: 0 | References: 5
OSV
added 2025/07/25 12:53 p.m. | 3 views

CVE-2025-38395 regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods

In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods. drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later ...

CVSS 7.1 | AI score 6.5 | EPSS 0.00157
Exploits: 0 | References: 13
Debian CVE
added 2025/07/25 12:53 p.m. | 4 views

CVE-2025-38389

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: 239.330153 ------------ cut here ------------...

CVSS 7.8 | AI score 5.6 | EPSS 0.00167
Exploits: 0
Debian CVE
added 2025/07/25 12:53 p.m. | 6 views

CVE-2025-38371

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace:...

CVSS 5.5 | AI score 5.5 | EPSS 0.00154
Exploits: 0
Debian CVE
added 2025/07/25 12:47 p.m. | 4 views

CVE-2025-38353

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...

CVSS 5.5 | AI score 5.5 | EPSS 0.00109
Exploits: 0
SUSE Linux
added 2025/07/25 9:4 a.m. | 2 views

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool bsc1246267 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 4.8 | AI score 7.2 | EPSS 0.0072
Exploits: 0 | References: 4
Tenable Nessus
added 2025/07/25 12:0 a.m. | 4 views

NewStart CGSL MAIN 7.02 : python-urllib3 Multiple Vulnerabilities (NS-SA-2025-0157)

The remote NewStart CGSL host, running version MAIN 7.02, has python-urllib3 packages installed that are affected by multiple vulnerabilities: - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing...

CVSS 8.1 | AI score 6.7 | EPSS 0.01207
Exploits: 1 | References: 7
Tenable Nessus
added 2025/07/25 12:0 a.m. | 2 views

SimpleHelp < 5.5.11 XSRF

The version of SimpleHelp running on the remote web server is prior to 5.5.11. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability. Note that this vulnerability can be used in conjunction with CVE-2025-36727 to fully compromise a target. Note that Nessus has not tested f...

CVSS 8.8 | AI score 8.4 | EPSS 0.00408
Exploits: 0 | References: 3
NVD
added 2025/07/24 11:15 p.m. | 3 views

CVE-2025-32429

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

CVSS 9.8 | EPSS 0.8541
Exploits: 6 | References: 4
Tenable Nessus
added 2025/07/24 12:0 a.m. | 7 views

GitLab 15.0 < 18.0.5 / 18.1 < 18.1.3 / 18.2 < 18.2.1 (CVE-2025-7001)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insufficient Granularity of Access Control in GitLab (CVE-2025-7001). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 4.3 | AI score 5.5 | EPSS 0.00383
Exploits: 0 | References: 4
Vulnrichment
added 2025/07/23 10:11 p.m. | 3 views

CVE-2025-54365 fastapi-guard patch contains bypassable RegEx

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...

CVSS 8.8 | AI score 6.2 | EPSS 0.00734
Exploits: 1 | References: 3
IBM Security Bulletins
added 2025/07/23 4:9 p.m. | 8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)

Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...

CVSS 7.8 | AI score 7 | EPSS 0.02203
Exploits: 2 | Affected Software: 1
OSV
added 2025/07/23 3:31 p.m. | 4 views

GHSA-RRF6-PXG8-684G FastAPI Guard has a regex bypass

Summary The regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. Details In version 3.0.1, you can find a commit like the one in the link below, which was made to prevent ReDoS...

CVSS 8.8 | AI score 6.3 | EPSS 0.00734
Exploits: 1 | References: 5
IBM Security Bulletins
added 2025/07/23 1:20 p.m. | 13 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)

Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...

CVSS 8.2 | AI score 8.3 | EPSS 0.02071
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2025/07/23 12:0 a.m. | 2 views

Oracle JDeveloper DoS (July 2025 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by denial of service vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF Apache...

CVSS 5.5 | AI score 6.6 | EPSS 0.00898
Exploits: 0 | References: 3
Cvelist
added 2025/07/22 9:33 p.m. | 9 views

CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion base...

CVSS 7.5 | EPSS 0.00804
Exploits: 1 | References: 4
OSV
added 2025/07/22 9:33 p.m. | 4 views

CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion base...

CVSS 7.5 | AI score 7.2 | EPSS 0.00804
Exploits: 1 | References: 6