Security update for rubygem-rack-1_6

This update for rubygem-rack-16 fixes the following issues: CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

SUSE-SU-2025:1492-1 Security update for rubygem-rack-1_6

This update for rubygem-rack-16 fixes the following issues: - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607...

SUSE CVE-2023-53082

In the Linux kernel, the following vulnerability has been resolved: vpvdpa: fix the crash in hot unplug with vpvdpa While unplugging the vpvdpa device, it triggers a kernel panic The root cause is: vdpamgmtdevunregister will accesses modern devices which will cause a use after free. So need to...

DEBIAN-CVE-2022-49808

In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba "net: dsa: introduce tagger-owned storage for private and shared data", we had a call to tagops-disconnectdst issued from...

CVE-2022-49869

CVE-2022-49869 (bnxt_en): In the Linux kernel bnxt_hwrm_set_coal() may crash during error recovery because rtnl_lock isn’t held for the entire sequence, allowing freed datastructures. The fix uses BNXT_STATE_OPEN rather than netif_running() to ensure the device is fully operational before reconfi...

DEBIAN-CVE-2025-23147

In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3cmasterqueueibi The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls i3cmasterqueueibi to queue an IBI work task, leading to...

CVE-2025-23147

CVE-2025-23147 : Linux kernel i3c master/IBI handling vulnerability where an IBI can arrive before the target driver is probed, causing a NULL dereference in dev->ibi and a kernel panic. Affected component is the I3C master queue path (i3c_master_queue_ibi()); root cause is uninitialized dev-&...

The vulnerability of Xen hypervisors relates to the incorrect sequence of processor instructions, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Xen hypervisors is related to an incorrect sequence of processor instructions, due to the absence of the ENDBR instruction and a prologue/eepilog for CFI schemes based on hash. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access ...

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

SUSE CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

ALPINE-CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

CVE-2024-58251

CVE-2024-58251 affects BusyBox netstat up to version 1.37.0. Local attackers can cause a denial of service by running a network application with argv[0] containing an ANSI terminal escape sequence, which locks the victim’s terminal when netstat is used. The issue is rooted in how netstat handles ...

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

Security update for libtasn1

This update for libtasn1 fixes the following issues: CVE-2024-12133: Fixed potential DoS in handling of numerous SEQUENCE OF or SET OF elements bsc1236878 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:20275-1 Security update for libtasn1

This update for libtasn1 fixes the following issues: - CVE-2024-12133: Fixed potential DoS in handling of numerous SEQUENCE OF or SET OF elements bsc1236878...

UBUNTU-CVE-2025-22113

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUGON if trying to start a transaction on a journal marked with JBD2UNMOUNT, since this should never happen. However, while ltp running stress...

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a...

RHEL 7 : fluentd (RHSA-2018:2225)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...

Picklescan failed to detect to some unsafe global function in Numpy library

Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by import some built-in function in Numpy library that indrectly call some dangerou...