28 matches found

SUSE CVE
added 2026/05/08 2:19 a.m., 3 views

SUSE CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

5.5 CVSS, 5.7 AI score, 0.00013 EPSS
Exploits 0, References 3

EUVD
added 2026/05/06 12:30 p.m., 3 views

EUVD-2026-27822

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

5.8 AI score, 0.00013 EPSS
Exploits 0, References 9

Cvelist
added 2026/05/06 11:28 a.m., 24 views

CVE-2026-43261 arm64: Add support for TSV110 Spectre-BHB mitigation

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

0.00013 EPSS
Exploits 0, References 8

CVE
added 2026/05/06 11:28 a.m., 6 views

CVE-2026-43261

The CVE-2026-43261 entry concerns the Linux kernel ARM64 arm64: TSV110 Spectre-BHB mitigation. The root cause is Spectre-BHB leakage via branch-prediction side channels on TSV110; mitigation consists of adding the TSV110 MIDR to the software mitigation list in the kernel. Affected component: Linu...

5.5 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 0, References 8, Affected Software 1

Positive Technologies
added 2026/05/06 12:0 a.m., 3 views

PT-2026-37601

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The TSV110 processor is susceptible to the Spectre-BHB Branch History Buffer attack. This issue allows for the leakage of information via branch prediction side channels, which are...

5.5 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits 0, References 10

Github Security Blog
added 2025/06/10 8:17 p.m., 14 views

GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx

Summary Missing checks allow for SSRF to specific targets using the TestWfsPost endpoint. Mitigation To manage the proxy base value as a system administrator, use the parameter PROXYBASEURL to provide a non-empty value that cannot be overridden by the user interface or incoming request.thomsmith...

8.2 CVSS, 7.5 AI score, 0.06507 EPSS
Exploits 0, References 3, Affected Software 1

Packet Storm News
added 2025/06/08 12:0 a.m., 2 views

A Simulation-Based Evaluation Framework for Inter-VM RowHammer Mitigation Techniques

Inter-VM RowHammer is an attack that induces a bitflip beyond the boundaries of virtual machines VMs to compromise a VM from another, and some software-based techniques have been proposed to mitigate this attack. Evaluating these mitigation techniques requires to confirm that they actually mitiga...

6.8 AI score
Exploits 0

OSV
added 2025/05/20 4:1 p.m., 4 views

CVE-2025-37963 arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only...

5.5 CVSS, 6.1 AI score, 0.00081 EPSS
Exploits 0, References 12

Patchstack
added 2025/04/02 2:34 p.m., 7 views

WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Mika in WordPress Plugin WR Price List Manager For Woocommerce versions <= 1.0.8...

5.4 CVSS, 8.5 AI score, 0.00144 EPSS
Exploits 0, Affected Software 1

OSV
added 2024/12/17 6:13 p.m., 1 views

CVE-2024-51479 Authorization bypass in Next.js

Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For...

7.5 CVSS, 6.8 AI score, 0.78509 EPSS
Exploits 0, References 4

Patchstack
added 2023/07/18 12:0 a.m., 9 views

WordPress WP Delicious Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: WP Delicious. Type: Plugin. Vulnerable versions: < 1.5.3. Fixed in: 1.5.3. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium (7.1). Developer: Claim ownership. PSID: f958188390a5. Credits: Rafie Muhammad Patchstack Required...

6.8 AI score
Exploits 0, References 3, Affected Software 1

OpenVAS
added 2022/08/02 12:0 a.m., 17 views

AMD CPU Information Disclosure Vulnerability (AMD-SB-1038, Hertzbleed)

The AMD CPU on the remote host might be prone to an information disclosure vulnerability dubbed Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.5 CVSS, 6.5 AI score, 0.01115 EPSS
Exploits 0, References 5

Tenable Nessus
added 2022/05/02 12:0 a.m., 64 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-011 (ALASKERNEL-5.10-2022-011)

The version of kernel installed on the remote host is prior to 5.10.102-99.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-011 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The...

9 CVSS, 7.2 AI score, 0.81981 EPSS
Exploits 109, References 96

Veracode
added 2020/07/22 3:54 a.m., 46 views

Information Disclosure

kernel is vulnerable to information disclosure. A logic bug was found in the Linux kernel's implementation of SSBD. A bug in the logic handling can allow an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in pla...

5.5 CVSS, 1.5 AI score, 0.00081 EPSS
Exploits 0, References 4, Affected Software 2

OSV
added 2019/07/19 11:52 a.m., 8 views

SUSE-SU-2019:1910-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBD...

5.9 CVSS, 6.5 AI score, 0.01697 EPSS
Exploits 0, References 6

Symantec
added 2018/11/13 12:0 a.m., 384 views

Microsoft Dynamics 365 CVE-2018-8608 Cross Site Scripting Vulnerability

Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

6.2 AI score, 0.01103 EPSS
Exploits 0, Affected Software 1

Tenable Nessus
added 2018/01/25 12:0 a.m., 106 views

Scientific Linux Security Update : kernel on SL7.x x86_64 (20180125) (Meltdown) (Spectre)

Security Fixes : An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

7.8 CVSS, 7.3 AI score, 0.9427 EPSS
Exploits 20, References 9

Tenable Nessus
added 2018/01/09 12:0 a.m., 78 views

RHEL 6 : kernel-rt (RHSA-2018:0021)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0021 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

5.6 CVSS, 7.4 AI score, 0.9427 EPSS
Exploits 12, References 12

Tenable Nessus
added 2018/01/09 12:0 a.m., 87 views

RHEL 7 : redhat-virtualization-host (RHSA-2018:0047) (Meltdown) (Spectre)

An update for redhat-virtualization-host is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

5.6 CVSS, 7.2 AI score, 0.9427 EPSS
Exploits 12, References 9

RedHat Linux
added 2018/01/05 3:35 p.m., 107 views

(RHSA-2018:0044) Important: redhat-virtualization-host security update

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts RHVH are installed using a special build of Red Hat Enterprise Linux with only the packages required to host...

5.6 CVSS, 5.7 AI score, 0.9427 EPSS
Exploits 12