Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987633 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffer...

Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability

Fortra GoAnywhere MFT is a Managed File Transfer MFT solution helping organizations build both internal and external data transfer exchanges. GoAnyWhere MFT versions before 7.8.4 and before 7.6.3 suffer from a deserialization vulnerabilty. By crafting a specific payload, a remote and...

Oracle Health Sciences Applications 安全漏洞

Oracle Health Sciences Applications is a suite of clinical research and development solutions for the healthcare industry from Oracle Corporation USA. A security vulnerability exists in Oracle Health Sciences Data Management Workbench for Oracle Health Sciences Applications, versions 3.4.0.1.3 an...

CLSA-2025-1760722427 Fix CVE(s): CVE-2023-44487

SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...

JLSEC-2025-147 A flaw was found in FFmpeg's DASH playlist support

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

How to Collect Logs from Veeam Appliance Installer

Purpose This article documents how to collect logs from the installer for the Software Appliances included with Veeam Backup & Replication 13 Veeam Software Appliance, Veeam Infrastructure Appliance, and Veeam Hardened Repository Appliance. This procedure may be required if an installation-relate...

SUSE CVE-2025-39986

In the Linux kernel, the following vulnerability has been resolved: can: sun4ican: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACK...

SUSE CVE-2025-59419

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

@jhoward1994/strapi-plugin-ckeditor (>=0.0.1 <=0.0.1-rc5), @strapi/admin (=0.0.0-experimental.6dbac0c205b0f8495781db5706c18cac1a62e62b) +3 more potentially affected by CVE-2025-25298 via @strapi/core (>=0.0.0-experimental.a13c58eec89ab119f0e381fb79c0252979e9c125 <=5.10.2)

@strapi/core NPM version =0.0.0-experimental.a13c58eec89ab119f0e381fb79c0252979e9c125, =0.0.1, =0.0.0-experimental.0a47d9bbb261b49ab02af2597ede27b7bdb196f4, =5.10.2 - custom-strapi-plugin-socket =1.0.2 Source cves: CVE-2025-25298 Source advisory: OSV:GHSA-2CJV-6WG9-F4F3...

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

CVE-2025-20360

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...