SUSE-SU-2025:0955-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). -...
SUSE-SU-2025:0833-2 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind...
Dummy Issue
h3. Issue Summary
This issue is created to test the automation rule to restrict the access level in case of a security bug.
h3. Steps to Reproduce
Dummy step 1
Dummy step 2
h3. Expected Results
Dummy
h3. Actual Results
The below exception is thrown in the xxxxxxx.log file:
noformat ... noformat h...
curl: Improper Restriction of Authentication Attempts in cURL
Summary: The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials. This issue affects authentication-based requests and could lead to unauthorized access if an attacker successfully guesses a vali...
net: inet: do not leave a dangling sk pointer in inet_create()
...
BIT-MODSECURITY-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
CVE-2025-27414
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
CVE-2022-49067 powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == ...
Adobe Reader CoolType Out-Of-Bounds Read
The Type1/CFF CharString interpreter code in the Adobe Reader CoolType.dll font library does not check if the input stream pointer has not gone beyond the end of the source buffer, which stores the state machine instructions. The Type1/CFF CharString interpreter code in the Adobe Reader...
CVE-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
CVE-2024-37362
creationtimestamp| type| source
---|---|---
2025-02-20 02:16:31+00:00| seen| https://t.me/cvedetector/18489
2025-02-20 02:47:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lilbm2zbpt2c
2025-08-25 13:32:05+00:00| seen| MISP/9ca82492-7deb-4197-a6f1-191e121eef96...
qt5-webengine -- Use after free in Compositing
Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-12694: Use after free in Compositing...
CVE-2025-1011
CVE-2025-1011 is a WebAssembly code-generation bug that could crash the affected Mozilla components and, per the connected advisories, may enable remote code execution. Public references indicate the vulnerability affects Firefox up to version 135 (and ESR 128.7) and Thunderbird up to 128.7 (and ...
CVE-2024-57948
In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove(). 1 Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system...
SUSE-SU-2025:0236-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694). - CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853)...
SUSE-SU-2025:0154-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element...
CVE-2023-28120
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...
CVE-2024-12322
creationtimestamp| type| source
---|---|---
2025-01-07 04:36:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/302
2025-01-07 05:17:05+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vhkglt422
2025-01-07 05:48:09+00:00| seen|...
CVE-2024-56761
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs. An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds a...