46 matches found
July 8, 2025—KB5062570 (OS Build 25398.1732)
None None...
July 8, 2025—KB5062572 (OS Build 20348.3932)
None None...
SUSE CVE-2025-38561
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix PreauhHashValue race condition If client send multiple session setup requests to ksmbd, PreauhHashValue race condition could happen. There is no need to free sess-PreauhHashValue at session setup phase. It can be freed...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173: NFSv4.0:...
Description of the security update for SharePoint Server 2019: June 10, 2025 (KB5002729)
None None...
CVE-2025-48943 vLLM allows clients to crash the openai server with invalid regex
vLLM is an inference and serving engine for large language models LLMs. Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service ReDoS that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to...
CVE-2020-9995
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting...
CVE-2019-6667
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX Financial Information eXchange profile applied...
Security Bulletin: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)
Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests...
CVE-2025-31131
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2...
SUSE CVE-2024-42256
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifspreparewrite which will make cifs repick the server for the op before renegotiating credits; it then calls...
OESA-2024-1387 ignition security update
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
CVE-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Impact A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the urlpreviewiprangeblacklist setting by default this only allows public IPs and by t...
SUSE-SU-2023:1860-1 Security update for wayland
This update for wayland fixes the following issues: - CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. bsc1190486...
SUSE-SU-2022:3561-1 Security update for libgsasl
This update for libgsasl fixes the following issues: - CVE-2022-2469: Fixed OOB read in GSSAPI server bsc1201715...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability...
Security Bulletin: A vulnerability in IBM Websphere affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-0306)
Summary There is a potential security vulnerability in IBM WebSphere Application Server, which is used by IBM Tivoli Netcool Configuration Manager ITNCM. The potential vulnerability is only applicable, if 'FIPS 140-2' is enabled. Vulnerability Details CVEID: CVE-2016-0306 DESCRIPTION: IBM WebSphe...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Forms Server (CVE-2016-3092 )
Summary An Apache Commons FileUpload vulnerability for handling string edge case was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...
Security Bulletin: Incorrect setting for serveServletsbyClassname can affect FTM for Check Services and FTM for Corporate Payment Services (CVE-2015-1927)
Summary Incorrect setting for serveServletsbyClassname could allow a remote attacker on WebSphere Application Server to gain elevated privileges on the system for FTM for Check Services and FTM for Corporate Payment Services Vulnerability Details CVEID: CVE-2015-1927 DESCRIPTION: IBM WebSphere...