3357 matches found

Tenable Nessus
added 2025/02/22 12:00 a.m. · 6 views

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2025:0637-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0637-1 advisory. Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Tenable has extracted...

CVSS 8.1 · AI score 8 · EPSS 0.89472
Exploits 10 · References 4
OSV
added 2025/02/21 2:15 p.m. · 12 views

SUSE-SU-2025:0636-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

CVSS 8.1 · AI score 8.1 · EPSS 0.89472
Exploits 10 · References 3
SUSE Linux
added 2025/02/21 2:13 p.m. · 4 views

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.8: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.8 · AI score 8.2 · EPSS 0.89472
Exploits 10 · References 4
OSV
added 2025/02/21 10:47 a.m. · 6 views

SUSE-SU-2025:0619-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.20: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

CVSS 8.1 · AI score 8.2 · EPSS 0.89472
Exploits 10 · References 3
OSV
added 2025/02/21 10:44 a.m. · 11 views

SUSE-SU-2025:0618-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

CVSS 8.1 · AI score 8.2 · EPSS 0.89472
Exploits 10 · References 3
SUSE Linux
added 2025/02/14 7:20 a.m. · 5 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: scap-security-guide was updated to version 0.1.75 (jscECO-3319): Added ISM profile for OL8 and OL9; Added new product kylinserver10; Created OL10 product; Released SLMicro5 product; Replaced two date injections by SOURCE_DATE_EPOCH to make builds reproducible (bsc1230361); Updat...

CVSS 5.7 · AI score 7.6 · EPSS 0.00169
Exploits 0 · References 34
SUSE Linux
added 2025/02/14 7:19 a.m. · 2 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: spacecmd was updated to version 5.0.11-0: Updated translation strings; uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: Security issues fixed: CVE-2024-22037: Use podman secret to store the database credentials (bsc1231497); Other changes and bugs...

CVSS 5.7 · AI score 7.6 · EPSS 0.00169
Exploits 0 · References 30
NVD
added 2025/02/13 4:15 p.m. · 6 views

CVE-2024-12012

A CWE-598 "Use of GET Request Method with Sensitive Query Strings" was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password and the session tokens are included as part of the URL and are therefore exposed to information leakage...

CVSS 5.7 · EPSS 0.00344
Exploits 0 · References 1
CNNVD
added 2025/02/13 12:00 a.m. · 1 views

EffectMatrix Total Video Converter Command Line Security Vulnerability

EffectMatrix Total Video Converter Command Line (EffectMatrix TVCC) is server-side video encoding and editing software from EffectMatrix Corporation. A security vulnerability exists in EffectMatrix Total Video Converter Command Line version 2.50, caused by a buffer overflow that results from...

CVSS 5.5 · AI score 7.9 · EPSS 0.0024
Exploits 0 · References 2
RedHat Linux
added 2025/02/12 12:11 a.m. · 5 views

python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()

A vulnerability was found in Python-Django in the get_supported_language_variant function. The issue is triggered when very long strings containing a specific set of characters are parsed, leading to a potential denial of service attack...

CVSS 7.5 · AI score 7.1 · EPSS 0.30129
Exploits 0 · References 4
Positive Technologies
added 2025/02/12 12:00 a.m. · 3 views

PT-2025-7066 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: parse-duration versions prior to 2.1.3. Description: The issue is related to an event loop delay due to the CPU-bound operation of resolving the provided string, which can range from 0.5ms to 50ms per operation, depending on the size of the inp...

CVSS 7.5 · AI score 6.6 · EPSS 0.00715
Exploits 0 · References 9
Positive Technologies
added 2025/02/12 12:00 a.m. · 7 views

PT-2025-7253 · Elliptic · Elliptic

Name of the Vulnerable Software and Affected Versions: elliptic, affected versions not specified. Description: The issue allows for private key extraction from ECDSA signatures when signing a malformed input, such as a string or a number, which could come from JSON network input. This is possible...

CVSS 9 · AI score 6.9
Exploits 0 · References 4
AstraLinux
added 2025/02/11 7:35 a.m. · 6 views

Astra Linux – Vulnerability in Zabbix

The HttpRequest object allows you to retrieve the HTTP headers from the server’s response after sending a request. The issue is that the returned strings are created directly from the data sent by the server and are not properly encoded for JavaScript. This enables the creation of internal string...

CVSS 9.1 · AI score 7.7 · EPSS 0.00933
Exploits 0 · References 3
SUSE CVE
added 2025/02/11 3:47 a.m. · 1 views

SUSE CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

CVSS 7.5 · AI score 7.1 · EPSS 0.00525
Exploits 0 · References 3
CVE
added 2025/02/06 6:41 p.m. · 76 views

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

CVSS 8.6 · AI score 8.5 · EPSS 0.00525
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/01/29 12:00 a.m. · 2 views

PT-2025-5638 · Crates.Io · Fast-Float2

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: The issue arises from the fast_float2::common::AsciiStr::first method within the AsciiStr struct, which uses the unsafe keyword to read from memory without performing bounds checking...

AI score 7
Exploits 0 · References 5
Cvelist
added 2025/01/27 5:00 p.m. · 8 views

CVE-2025-0730 TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request...

CVSS 6.3 · EPSS 0.00606
Exploits 1 · References 6
Github Security Blog
added 2025/01/24 6:45 p.m. · 18 views

ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details: The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

CVSS 8.4 · AI score 8.9 · EPSS 0.00219
Exploits 0 · References 6 · Affected Software 1
OSV
added 2025/01/24 6:45 p.m. · 1 views

GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details: The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

CVSS 8.4 · AI score 6.2 · EPSS 0.00219
Exploits 0 · References 6
Cvelist
added 2025/01/24 4:52 p.m. · 17 views

CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS 8.4 · EPSS 0.00219
Exploits 0 · References 3