SUSE-SU-2025:02096-1 Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...
USN-7594-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux (UML); - x...
GHSA-HJ2P-8WJ8-PFQ4 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim-fips, kubernetes-csi-driver-hostpath, cloud-provider-gcp-cloud-controller-manager-fips, cloud-provider-gcp-cloud-controller-manager, azurefile-csi-fips, rancher, node-feature-discovery, emissary, docker-machine-driver-harvester, azuredisk-csi-fips,...
USN-7591-2: Linux kernel (FIPS) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. (CVE-2024-8805) It was discovered that the CIFS network file system...
Ubuntu: Security Advisory (USN-7593-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7591-1: Linux kernel vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. (CVE-2024-8805) It was discovered that the CIFS network file system...
SUSE-SU-2025:02072-1 Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001020 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235129). -...
GHSA-48P4-8XCF-VXJ5 vulnerabilities
Vulnerabilities for packages: emissary, dask-kubernetes, jupyter-base-notebook, reflex, kubeflow-pipelines, tensorflow-cpu-jupyter, airflow, py3-pipenv, superset, py3-pip, grafana-oncall, k8s-sidecar, kubeflow-katib, jwt-tool, kserve, confluent-docker-utils, dask-gateway, az, py3-cassandra-medusa...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-075)
The version of kernel installed on the remote host is prior to 5.15.185-126.190. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-075 advisory. In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug whe...
D-Link DIR-815 Multiple Vulnerabilities (2024 - 2025)
D-Link DIR-815 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2025-2443
An issue has been discovered in GitLab EE that allows for a cross-site scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2025-49976 WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7...
CVE-2024-7586
An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...
SUSE-SU-2025:02050-1 Security update for python39
This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273). CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-451...
CVE-2022-50014
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW. Ever since the Dirty COW (CVE-2016-5195) security issue happened, we know that FOLL_FORCE can be possibly dangerous, especially if there are races that can be exploited by...
CVE-2025-32875
An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing...
openSUSE Security Advisory (SUSE-SU-2025:01988-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-PQ67-6M6Q-MJ2V vulnerabilities
Vulnerabilities for packages: ansible-operator-fips, datadog-agent, graalvm, jupyter-base-notebook, datadog-agent-fips, py3-hashin, tensorflow-cpu-jupyter, py3-pip, apache-beam-python-3.11-sdk, awx, nemo, kubeflow-katib, az, emissary, airflow-core, k8s-sidecar, spamcheck, ggshield,...
CVE-2022-50208
In the Linux kernel, the following vulnerability has been resolved: soc: amlogic: Fix refcount leak in meson-secure-pwrc.c. In meson_secure_pwrc_probe(), there is a refcount leak in one fail path...