CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

OPENSUSE-SU-2025:15380-1 jupyter-nbdime-7.0.2-21.1 on GA media

These are all security issues fixed in the jupyter-nbdime-7.0.2-21.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15375-1 chromedriver-138.0.7204.168-1.1 on GA media

These are all security issues fixed in the chromedriver-138.0.7204.168-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15382-1 ruby3.4-rubygem-thor-1.4.0-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-thor-1.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15377-1 grype-db-0.35.0-1.1 on GA media

These are all security issues fixed in the grype-db-0.35.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15378-1 javamail-1.6.2-3.1 on GA media

These are all security issues fixed in the javamail-1.6.2-3.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15379-1 minio-client-20250721T052808Z-1.1 on GA media

These are all security issues fixed in the minio-client-20250721T052808Z-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15376-1 cloud-init-25.1.3-1.1 on GA media

These are all security issues fixed in the cloud-init-25.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15381-1 python311-starlette-0.47.2-1.1 on GA media

These are all security issues fixed in the python311-starlette-0.47.2-1.1 package on the GA media of openSUSE Tumbleweed...

[SECURITY] [DSA 5964-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5964-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2025 https://www.debian.org/security/faq -...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.65-i586-1slack15.0.txz: Upgraded. This release fixes bugs and the following security issues: HTTP/2 DoS by Memory Increase...

CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

SUSE SLES15 Security Update : kernel (Live Patch 17 for SLE 15 SP5) (SUSE-SU-2025:02459-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02459-1 advisory. This update for the Linux Kernel 5.14.21-1505005573 fixes several issues. The following security issues were fixed: - CVE-2024-53146: NFSD:...

RHEL 8 : kernel (RHSA-2025:11570)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11570 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: um: Fix out-of-bounds read in...

Oracle Linux 10 : kernel (ELSA-2025-11428)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-11428 advisory. 6.12.0-55.22.1.0.10.OL10 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Add new Oracle Linux Driver Signing key 1 certificate...

CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141...

USN-7663-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

USN-7654-4: Linux kernel (KVM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...

USN-7651-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...