744 matches found

Github Security Blog
added 2026/04/18 1:11 a.m. · 6 views

pretalx vulnerable to stored cross-site scripting in organizer search typeahead

The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields, which includes any registered user whose display name is looked up by an...

CVSS 8.7 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 3 · Affected Software 1
OSV
added 2026/01/27 7:29 p.m. · 3 views

CLSA-2026-1769542154 libxml2: Fix of CVE-2022-23308

CVE-2022-23308-fix.patch: fix undefined reference to ID variable and apply upstream regression fix to CVE-2022-23308 patch...

CVSS 7.5 · AI score 6.8 · EPSS 0.00074
Exploits 0 · References 1
Tenable Nessus
added 2026/01/15 12:00 a.m. · 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003130 advisory. Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying...

CVSS 6.3 · AI score 6.3 · EPSS 0.00132
Exploits 0 · References 16
Tenable Nessus
added 2025/12/26 12:00 a.m. · 2 views

Fedora 42 : docker-buildkit (2025-9cf9edf688)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9cf9edf688 advisory. - Update to release v0.26.3 - Resolves CVE-2024-25621: rhbz#2419004, rhbz#2419033, rhbz#2419427 - Upstream fix. Tenable has extracted the preceding...

CVSS 7.8 · AI score 6.6 · EPSS 0.00005
Exploits 1 · References 2
Tenable Nessus
added 2025/12/10 12:00 a.m. · 2 views

Fedora 42 : tinyproxy (2025-a177cf4e1e)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a177cf4e1e advisory. Add upstream patch to fix CVE-2025-63938. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 6.5 · AI score 5.4 · EPSS 0.00058
Exploits 1 · References 2
Tenable Nessus
added 2025/12/04 12:00 a.m. · 1 view

Fedora 43 : tinyproxy (2025-72fbf180c7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-72fbf180c7 advisory. Add upstream patch to fix CVE-2025-63938. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 6.5 · AI score 5.4 · EPSS 0.00058
Exploits 1 · References 2
Tenable Nessus
added 2025/08/20 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-21722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN,...

CVSS 9.1 · AI score 8 · EPSS 0.00462
Exploits 0 · References 2
Tenable Nessus
added 2025/08/11 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-15791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace installs an fd referencing a...

CVSS 7.8 · AI score 7.4 · EPSS 0.0013
Exploits 1 · References 2
GoogleProjectZero
added 2025/07/29 12:00 a.m. · 4 views

Policy and Disclosure: 2025 Edition

Posted by Tim Willis, Google Project Zero. In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes...

AI score 7.1
Exploits 0
RedhatCVE
added 2025/06/16 6:04 a.m. · 4 views

CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

CVSS 2.5 · AI score 7.1 · EPSS 0.00042
Exploits 0 · References 3
OSV
added 2025/04/11 8:20 a.m. · 4 views

CLSA-2025-1737656427 libgcrypt: Fix of CVE-2024-2236

Synced to upstream plus ASN.1 patch - Tested on AlmaLinux 9.5 - Fix CVE-2024-2236 RHEL-34579...

CVSS 5.9 · AI score 6.6 · EPSS 0.00684
Exploits 0 · References 1
Tenable Nessus
added 2024/09/04 12:00 a.m. · 35 views

SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.26 (SUSE-SU-2024:3094-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3094-1 advisory. Update kubernetes to version 1.26.15: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf...

CVSS 7.5 · AI score 7.4 · EPSS 0.944
Exploits 19 · References 12
OSV
added 2024/08/16 11:09 a.m. · 12 views

SUSE-SU-2024:2946-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-37369: Fixed a buffer overflow in QXmlStreamReader (QTBUG-91889, bsc#1214327). - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to anomalous behavior from the X server (bsc#1222120) -...

CVSS 9.8 · AI score 7.2 · EPSS 0.00261
Exploits 1 · References 10
OSV
added 2024/04/08 9:32 a.m. · 7 views

SUSE-SU-2024:1140-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2024-27351: Align the patch with the upstream one and make it more robust (bsc#1220358)...

CVSS 5.3 · AI score 6.8 · EPSS 0.02611
Exploits 0 · References 3
OpenVAS
added 2023/11/07 12:00 a.m. · 17 views

Mageia: Security Advisory (MGASA-2023-0310)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 7.8 · AI score 7.7 · EPSS 0.00032
Exploits 1 · References 4
Vivaldi Security Advisories
added 2023/04/14 5:29 p.m. · 5 views

Minor update(4) for Vivaldi Android Browser 5.7

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog: The following is a list of changes since the third 5.7 stable minor update: Chromium Backport...

CVSS 8.8 · AI score 7.3 · EPSS 0.22785
Exploits 1 · References 1
Oracle linux
added 2022/11/22 12:00 a.m. · 302 views

php security, bug fix, and enhancement update

8.0.20-3 - snmp3 calls using authPriv or authNoPriv immediately return false (#2104630) 8.0.20-2 - fix patch41 not applied - use system nikic/php-parser when available 8.0.20-1 - rebase to 8.0.20 (#2095752) - clean unneeded dependency on useradd command (#2095447) - add upstream patch to initialize pcre...

CVSS 9.8 · AI score 3.4 · EPSS 0.01479
Exploits 2
Positive Technologies
added 2022/11/08 12:00 a.m. · 4 views

PT-2022-6531 · Google +4 · Android Kernel +4

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a missing permission check in the verity target of dm-verity-target.c, which could allow modification of read-only files. This could lead to local escalation of privilege with System executi...

CVSS 10 · AI score 7.5 · EPSS 0.05077
Exploits 60 · References 612
Positive Technologies
added 2022/05/25 12:00 a.m. · 4 views

PT-2022-6287 · Google +1 · Android Kernel +1

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a use after free condition that could corrupt kernel memory, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not...

CVSS 7.8 · AI score 4.5 · EPSS 0.00037
Exploits 0 · References 17
OSV
added 2021/10/22 5:14 p.m. · 3 views

CLSA-2021-1634922881 Fixed CVEs in openssl: CVE-2018-0739, CVE-2018-0732, CVE-2021-3712, CVE-2018-0737

fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...

CVSS 7.5 · AI score 6.9 · EPSS 0.78382
Exploits 0 · References 1