30436 matches found

Github Security Blog
added 2025/03/03 3:26 p.m., 23 views

Flask-AppBuilder Observable Response Discrepancy

Impact: User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows a non-authenticated user to enumerate existing usernames by timing the server's response time when brute-forcing login requests. Patches: Upgrade to flask-appbuilder=4.5.3. Workarounds: Downgrade...

CVSS 5.3, AI score 6.8, EPSS 0.00304
Exploits 0, References 4, Affected software 1
SUSE Linux
added 2025/03/03 8:45 a.m., 2 views

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 5.3, AI score 7.2, EPSS 0.01193
Exploits 0, References 4
Tenable Nessus
added 2025/03/03 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2010-5328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which...

CVSS 5.5, AI score 6, EPSS 0.00433
Exploits 0, References 2
Tenable Nessus
added 2025/03/03 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2008-0122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows...

CVSS 10, AI score 7.2, EPSS 0.123
Exploits 1, References 2
Android Security Bulletins
added 2025/03/03 12:00 a.m., 9 views

Android Automotive OS Update Bulletin—March 2025

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2025-03-05 or later from the March 2025 Android Security Bulletin in addition to all issues in this...

AI score 7.8
Exploits 0
Android Security Bulletins
added 2025/03/03 12:00 a.m., 31 views

Android Security Bulletin—March 2025

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVSS 9.8, AI score 9.4, EPSS 0.00809
Exploits 0
RedhatCVE
added 2025/03/02 8:29 a.m., 4 views

CVE-2025-22491

User input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all interacting users. This security issue has been patched in the latest version 1.5.100 of...

CVSS 6.7, AI score 7.1, EPSS 0.00188
Exploits 0, References 3
Cvelist
added 2025/03/01 12:31 p.m., 12 views

CVE-2025-1788 rizinorg rizin utf8.c rz_utf8_encode heap-based overflow

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to a heap-based buffer overflow. The attack has to be approached locally. The exploit has been disclosed to the...

CVSS 5.3, EPSS 0.00281
Exploits 1, References 7
NVD
added 2025/02/28 9:15 a.m., 3 views

CVE-2025-22491

User input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all interacting users. This security issue has been patched in the latest version 1.5.100 of...

CVSS 6.7, EPSS 0.00188
Exploits 0, References 1
CVE
added 2025/02/28 8:24 a.m., 59 views

CVE-2025-22491

CVE-2025-22491 affects Foreseer Reporting Software (FRS): a vulnerability in the Reporting Hierarchy Management page where unsanitized user input allows arbitrary JavaScript execution in a browser context for all interacting users. Root cause: unsanitised input processing on that page. Impact: ...

CVSS 6.7, AI score 6.6, EPSS 0.00188
Exploits 0, References 1
Tenable Nessus
added 2025/02/28 12:00 a.m., 708 views

Dell Client BIOS Weak Authentication (DSA-2025-021)

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVSS 8.2, AI score 5.8, EPSS 0.00156
Exploits 0, References 2
Debian CVE
added 2025/02/27 8:00 p.m., 6 views

CVE-2025-21805

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Add missing deinit call. A warning is triggered when repeatedly connecting and disconnecting the rnbd: list_add corruption. prev->next should be next (ffff88800b13e480), but was ffff88801ecd1338. (prev=ffff88801ecd1340)...

CVSS 5.5, AI score 5.7, EPSS 0.00174
Exploits 0
OSV
added 2025/02/27 6:27 p.m., 3 views

GHSA-5QMP-9X47-92Q8 Rancher's SAML-based login via CLI can be denied by unauthenticated users

Impact: A vulnerability has been identified within Rancher where it is possible for an unauthenticated user to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This effectively prevents users from logging in via the CLI when using rancher token as t...

CVSS 5.3, AI score 7, EPSS 0.00479
Exploits 0, References 15
Github Security Blog
added 2025/02/27 6:27 p.m., 16 views

Rancher's SAML-based login via CLI can be denied by unauthenticated users

Impact: A vulnerability has been identified within Rancher where it is possible for an unauthenticated user to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This effectively prevents users from logging in via the CLI when using rancher token as t...

CVSS 5.3, AI score 6.8, EPSS 0.00479
Exploits 0, References 15, Affected software 1
SUSE CVE
added 2025/02/27 3:11 a.m., 3 views

SUSE CVE-2022-49150

In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram. The of_find_compatible_node function returns a node pointer with its refcount incremented, so we should call of_node_put on it when done. Add the missing of_node_put to release th...

CVSS 5.5, AI score 6.4, EPSS 0.00204
Exploits 0, References 3
SUSE CVE
added 2025/02/27 3:06 a.m., 1 view

SUSE CVE-2022-49444

In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...

CVSS 5.5, AI score 6.4, EPSS 0.00275
Exploits 0, References 8
SUSE CVE
added 2025/02/27 3:05 a.m., 4 views

SUSE CVE-2022-49495

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platform_get_resource_byname. It will cause a null-ptr-deref if platform_get_resource_byname returns NULL, so we need to check the return value. Patchwork:...

CVSS 5.5, AI score 7.9, EPSS 0.00253
Exploits 0, References 10
CVE
added 2025/02/27 2:18 a.m., 150 views

CVE-2025-21796

CVE-2025-21796 concerns the Linux kernel NFS server (nfsd). Affected path: acl_access/acl_default handling, where a failed release of acl_default leaves acl_access holding a dangling pointer to an already released posix_acl. This can trigger a use-after-free and a kernel panic if warnings are treated as fatal. The...

CVSS 7.8, AI score 6.4, EPSS 0.00222
Exploits 0, References 11, Affected software 1
IBM Security Bulletins
added 2025/02/26 12:19 p.m., 14 views

Security Bulletin: Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms

Summary: Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms. The Apache Derby package version has been updated. Vulnerability Details: CVEID: CVE-2022-46337. DESCRIPTION: Apache Derby could allow a remote attacker to bypass security...

CVSS 9.8, AI score 9.4, EPSS 0.01418
Exploits 0, Affected software 1
NVD
added 2025/02/26 7:01 a.m., 8 views

CVE-2022-49563

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA. Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a line...

CVSS 5.5, EPSS 0.00248
Exploits 0, References 3