SUSE-SU-2025:3909-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 Fixed use-after-free in Xkb client resource removal CVE-2025-62230, bsc1251959 Fixed value overflow in Xkb extension XkbSetCompatMap CVE-2025-62231,...

CVE-2025-12595

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2025-12595

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the...

Astra Linux – Vulnerability in Firefox, Thunderbird

A use-after-free occurred in FontFaceSet, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/packet: a race condition in packetsetring and packetnotifier has been fixed. When packetsetring releases po-bindlock, another thread may execute packetnotifier and process an NETDEVUP event. This race condition is similar to...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in cfg80211connectresult If the ssid-datalen is greater than IEEE80211MAXSSIDLEN 32, it could lead to memory corruption. Therefore, bounds checking should be added...

CVE-2025-11499 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...

CVE-2025-63467

Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub425400 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

EUVD-2025-37381

Totolink A7000R v9.1.0u.6115B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

CVE-2025-58147

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

UBUNTU-CVE-2025-58147

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

CVE-2025-58147 x86: Incorrect input sanitisation in Viridian hypercalls

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

OPENSUSE-SU-2025:20022-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB boo1250485 - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract boo1250487...

SUSE CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...

EUVD-2023-60042

Nagios XI versions prior to 2024R1.0.2 are vulnerable to cross-site scripting XSS via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

EUVD-2023-60040

Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

EUVD-2022-55677

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...