
757 matches found

CVE
added 2025/12/09 12:01 a.m.

CVE-2023-53817

CVE-2023-53817: Linux kernel crypto: lib/mpi. The vulnerability stems from mpi_cmp_ui() dereferencing a NULL u->d when handling a DH value in NVMe/TCP authentication, triggered by using an 8192-bit DH group with a correctly sized but zeroed value. The issue occurs because mpi_cmp_ui() treats...

AI score 6, EPSS 0.002
Exploits 0, References 8
EUVD
added 2025/12/08 3:31 a.m.

EUVD-2023-60071

In the Linux kernel, the following vulnerability has been resolved: irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe. of_irq_find_parent() returns a node pointer with refcount incremented; we should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak...

AI score 4.7, EPSS 0.00165
Exploits 0, References 9
Positive Technologies
added 2025/11/28 12:00 a.m.

PT-2025-48316

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.5.24. Description: The software contains flawed logic when validating uploaded files, specifically concerning the tmp_name parameter. This issue resides in the app/Controller/EventsController.php file. Recommendations...

CVSS 8.2, AI score 6.6, EPSS 0.0031
Exploits 0, References 8
OSV
added 2025/11/26 8:13 a.m.

SUSE-SU-2025:21144-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues:
- Upgrade to Version 9.3.0
- CVE-2025-30706: Fixed Connector/J vulnerability (bsc#1241693)
- Updatable ResultSet fails with 'Parameter index out of range'.
- Fixed ResultSet UPDATE methods not checking validity of ResultSet.
-...

CVSS 7.5, AI score 6, EPSS 0.0052
Exploits 0, References 3
OSV
added 2025/11/26 8:12 a.m.

OPENSUSE-SU-2025:20089-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues:
- Upgrade to Version 9.3.0
- CVE-2025-30706: Fixed Connector/J vulnerability (bsc#1241693)
- Updatable ResultSet fails with 'Parameter index out of range'.
- Fixed ResultSet UPDATE methods not checking validity of ResultSet.
-...

CVSS 7.5, AI score 7.2, EPSS 0.0052
Exploits 0, References 2
RedhatCVE
added 2025/11/20 9:36 p.m.

CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, so removal of expired invitations relied on background tasks to clean them up. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 6.7, EPSS 0.00216
Exploits 0, References 1
Positive Technologies
added 2025/11/19 12:00 a.m.

PT-2025-47495

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.8.5; authentik versions prior to 2025.10.2. Description: authentik, an open-source Identity Provider, had a flaw where invitations remained valid even after expiration. This relied on background tasks to remove...

CVSS 9.9, AI score 6.4, EPSS 0.7694
Exploits 32, References 92
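The defect class in the two authentik entries above (an expired invitation stays redeemable until a periodic cleanup task deletes it) is easy to reproduce in miniature. The following is an added example written for this page, not authentik code: the Invitation, InvitationStore and redeem_* names are hypothetical, and the scenario in demo() is constructed. The vulnerable path trusts presence in the store; the fixed path compares the expiry timestamp against the current time at the moment of redemption, so the length of the cleanup interval no longer matters.

```python
"""Invitation redemption: expiry enforced at use time (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Invitation:
    token: str
    expires: datetime          # absolute expiry, UTC
    single_use: bool = True
    used: bool = False


@dataclass
class InvitationStore:
    invites: dict = field(default_factory=dict)

    def add(self, inv: Invitation) -> None:
        self.invites[inv.token] = inv

    def sweep_expired(self, now: datetime) -> int:
        """Periodic cleanup; the only defence in the vulnerable design."""
        stale = [t for t, i in self.invites.items() if i.expires <= now]
        for t in stale:
            del self.invites[t]
        return len(stale)


def redeem_vulnerable(store: InvitationStore, token: str, now: datetime) -> bool:
    """Accepts any invitation still present in the store. 'now' is never
    compared with inv.expires here; only sweep_expired() looks at it."""
    inv = store.invites.get(token)
    if inv is None or (inv.single_use and inv.used):
        return False
    inv.used = True
    return True


def redeem_fixed(store: InvitationStore, token: str, now: datetime) -> bool:
    """Checks expiry at redemption time, independent of cleanup timing."""
    inv = store.invites.get(token)
    if inv is None or (inv.single_use and inv.used):
        return False
    if inv.expires <= now:
        del store.invites[token]   # expired: reject and drop it
        return False
    inv.used = True
    return True


def demo() -> tuple:
    """Constructed scenario: invite expired one minute ago, sweep not yet run.
    Returns (vulnerable accepted?, fixed accepted?)."""
    t0 = datetime(2025, 11, 1, 12, 0, tzinfo=timezone.utc)
    store_v, store_f = InvitationStore(), InvitationStore()
    for store in (store_v, store_f):
        store.add(Invitation("inv-A", expires=t0 - timedelta(minutes=1)))
    return (redeem_vulnerable(store_v, "inv-A", t0),
            redeem_fixed(store_f, "inv-A", t0))
```

The same pattern applies to any time-bounded credential (password reset links, one-time enrolment codes): the expiry check belongs on the request path, with cleanup jobs kept only for housekeeping.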
CNNVD
added 2025/11/12 12:00 a.m.

Linux kernel security vulnerability

Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check resource validity, which could result in a null pointer dereference...

AI score 6.1, EPSS 0.00167
Exploits 0, References 5
Tenable Nessus
added 2025/11/05 12:00 a.m.

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989822)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989822 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it. When the host controller is not...

CVSS 5.5, AI score 6.1, EPSS 0.0024
Exploits 0, References 4
SUSE CVE
added 2025/10/29 12:24 a.m.

SUSE CVE-2025-40078

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr. Syzkaller found a kernel warning on the following sockaddr program:
0: r0 = 0
1: r2 = *(u32 *)(r1 +60)
2: exit
which triggers: verifier bug: error during ctx access conversion (0). This is...

CVSS 5.5, AI score 6.4, EPSS 0.00178
Exploits 0, References 20
NVD
added 2025/10/28 12:15 p.m.

CVE-2025-40078

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr. Syzkaller found a kernel warning on the following sockaddr program:
0: r0 = 0
1: r2 = *(u32 *)(r1 +60)
2: exit
which triggers: verifier bug: error during ctx access conversion (0). This is...

EPSS 0.00178
Exploits 0, References 8
CVE
added 2025/10/28 11:48 a.m.

CVE-2025-40078

Linux kernel vulnerability CVE-2025-40078 concerns bpf_sock_addr padding access. Syzkaller triggered a verifier bug during context access conversion because an implicit 4-byte padding after msg_src_ip4 was not rejected, allowing invalid padding access to slip through sock_addr_is_valid_access. Th...

AI score 6, EPSS 0.00178
Exploits 0, References 8
CVE
added 2025/10/27 9:22 p.m.

CVE-2025-62781

PILOS (Frontend for BigBlueButton) prior to version 4.8.0 exposes a session-regeneration flaw: when a local user changes their password, all other active sessions are terminated except the current one, whose token is not refreshed. If an attacker already possesses that session token (from another vulner...

CVSS 5, AI score 6.3, EPSS 0.00144
Exploits 0, References 1, Affected Software 1
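The PILOS entry above describes a password-change handler that revokes every other session but leaves the current token untouched, so a token the attacker already holds survives the change. This added example, written for this page and not PILOS code, contrasts that handler with one that also rotates the current session; SessionStore, change_password_* and the user names are hypothetical.

```python
"""Session handling on password change (added example)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)   # token -> user id

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)           # 256-bit random token
        self.sessions[token] = user
        return token

    def user_for(self, token: str):
        return self.sessions.get(token)

    def revoke_others(self, user: str, keep: str) -> None:
        """Drop every session of 'user' except the one identified by 'keep'."""
        for t in [t for t, u in self.sessions.items() if u == user and t != keep]:
            del self.sessions[t]


def change_password_vulnerable(store: SessionStore, user: str, current: str) -> str:
    """Terminates the other sessions but keeps 'current' under the same
    token, so a previously stolen copy of that token still works."""
    store.revoke_others(user, keep=current)
    return current


def change_password_fixed(store: SessionStore, user: str, current: str) -> str:
    """Terminates the other sessions and rotates the current one. The old
    token value is deleted; the caller must switch to the returned token."""
    store.revoke_others(user, keep=current)
    del store.sessions[current]
    return store.create(user)


def demo() -> tuple:
    """Constructed scenario: 'victim' is the alice session whose token the
    attacker already holds. Returns (vulnerable checks, fixed checks)."""
    s1 = SessionStore()
    victim, other, _bob = s1.create("alice"), s1.create("alice"), s1.create("bob")
    new = change_password_vulnerable(s1, "alice", victim)
    vuln = (new == victim,                       # token unchanged
            s1.user_for(victim) == "alice",      # stolen token still valid
            s1.user_for(other) is None)          # other sessions gone

    s2 = SessionStore()
    victim2, other2 = s2.create("alice"), s2.create("alice")
    new2 = change_password_fixed(s2, "alice", victim2)
    fixed = (new2 != victim2,                    # token rotated
             s2.user_for(victim2) is None,       # stolen token dead
             s2.user_for(new2) == "alice",       # caller keeps a session
             s2.user_for(other2) is None)        # other sessions gone
    return vuln, fixed
```

In a web application the rotated token is returned in a fresh Set-Cookie header on the password-change response; the same rotation should happen on login and on any privilege change.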
Veracode
added 2025/10/27 9:24 a.m.

Improper Authentication

com.liferay, com.liferay.multi.factor.authentication.timebased.otp.web is vulnerable to improper authentication. The vulnerability is due to the reuse of time-based one-time passwords (TOTP) within their validity period, which allows an attacker with access to a user's TOTP to authenticate as that...

CVSS 6.5, AI score 7, EPSS 0.00165
Exploits 0, References 4, Affected Software 1
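The Liferay entry above is the classic TOTP replay defect: a code that has already been used is accepted again as long as the current 30-second step still matches. The following is an added example for this page, not Liferay code. It implements RFC 6238 TOTP over HMAC-SHA1 from the standard library and shows a verifier with and without the replay guard that RFC 6238 section 5.2 calls for (remember the highest time-step counter already accepted per user and refuse anything at or below it). TotpVerifier and the constants are hypothetical; the secret in demo() is constructed.

```python
"""TOTP verification with replay protection (added example)."""
import hashlib
import hmac
import struct

STEP = 30       # seconds per TOTP time step
DIGITS = 6
WINDOW = 1      # accept +/-1 step of clock skew


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, DIGITS decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** DIGITS)
    return f"{code:0{DIGITS}d}"


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP over the current time step."""
    return hotp(secret, unix_time // STEP)


class TotpVerifier:
    def __init__(self, secret: bytes, replay_guard: bool = True):
        self.secret = secret
        self.replay_guard = replay_guard
        self.last_counter = -1   # highest step already consumed by a login

    def verify(self, code: str, unix_time: int) -> bool:
        base = unix_time // STEP
        for delta in range(-WINDOW, WINDOW + 1):
            counter = base + delta
            if not hmac.compare_digest(hotp(self.secret, counter), code):
                continue
            if self.replay_guard and counter <= self.last_counter:
                return False     # this step (or an older one) already used
            self.last_counter = max(self.last_counter, counter)
            return True
        return False


def demo() -> tuple:
    """Constructed scenario: the same valid code presented twice, five
    seconds apart, to a verifier without and with the replay guard.
    Returns (weak 1st, weak 2nd, guarded 1st, guarded 2nd)."""
    secret = b"constructed-demo-secret-0123"   # constructed, not a real seed
    t = 1_700_000_000
    code = totp(secret, t)
    weak = TotpVerifier(secret, replay_guard=False)
    guarded = TotpVerifier(secret)
    return (weak.verify(code, t), weak.verify(code, t + 5),
            guarded.verify(code, t), guarded.verify(code, t + 5))
```

last_counter must be persisted per user (database row or cache entry) and updated atomically with the login decision; a guard held only in process memory disappears on restart and is not shared across nodes.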
Github Security Blog
added 2025/10/23 3:30 p.m.

Keycloak does not invalidate offline sessions when the offline_access scope is removed

A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...

CVSS 5.4, AI score 6.5, EPSS 0.00249
Exploits 0, References 11, Affected Software 1
RedhatCVE
added 2025/10/23 2:19 p.m.

CVE-2025-12110

A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...

CVSS 5.4, AI score 6, EPSS 0.00249
Exploits 0, References 3
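Both Keycloak entries above describe the same gap: a refresh path that consults only the stored offline session and never re-derives whether the client is still allowed the offline_access scope. This added example, written for this page and not Keycloak code, models a realm with clients and offline sessions and contrasts a refresh handler that trusts the session record with one that re-checks the client's current scopes on every refresh. Realm, Client, OfflineSession and refresh_* are hypothetical names.

```python
"""Refresh-token handling that rechecks offline_access (added example)."""
from dataclasses import dataclass, field


@dataclass
class Client:
    client_id: str
    scopes: set


@dataclass
class OfflineSession:
    session_id: str
    client_id: str
    refresh_token: str
    revoked: bool = False


@dataclass
class Realm:
    clients: dict = field(default_factory=dict)    # client_id -> Client
    sessions: dict = field(default_factory=dict)   # refresh_token -> OfflineSession

    def grant_offline(self, client_id: str, session_id: str, refresh_token: str) -> bool:
        """Issue an offline session; requires offline_access at grant time."""
        client = self.clients[client_id]
        if "offline_access" not in client.scopes:
            return False
        self.sessions[refresh_token] = OfflineSession(session_id, client_id, refresh_token)
        return True

    def remove_scope(self, client_id: str, scope: str) -> None:
        """Administrative action: drop a scope from the client."""
        self.clients[client_id].scopes.discard(scope)


def refresh_vulnerable(realm: Realm, refresh_token: str):
    """Checks only the stored session; the client's current scopes are
    never consulted, so a scope removed after grant has no effect."""
    s = realm.sessions.get(refresh_token)
    if s is None or s.revoked:
        return None
    return f"access-token-for-{s.session_id}"


def refresh_fixed(realm: Realm, refresh_token: str):
    """Re-derives the client's scopes at refresh time and ends the offline
    session when offline_access is no longer granted."""
    s = realm.sessions.get(refresh_token)
    if s is None or s.revoked:
        return None
    client = realm.clients.get(s.client_id)
    if client is None or "offline_access" not in client.scopes:
        s.revoked = True
        return None
    return f"access-token-for-{s.session_id}"


def demo() -> tuple:
    """Constructed scenario: grant, then the admin removes offline_access.
    Returns ((vuln ok, fixed ok) before removal, (vuln ok, fixed ok) after).
    The vulnerable handler is evaluated first in each pair because the
    fixed handler revokes the session on failure."""
    realm = Realm()
    realm.clients["app"] = Client("app", {"openid", "offline_access"})
    assert realm.grant_offline("app", "sess-1", "rt-1")
    before = (refresh_vulnerable(realm, "rt-1") is not None,
              refresh_fixed(realm, "rt-1") is not None)
    realm.remove_scope("app", "offline_access")
    after = (refresh_vulnerable(realm, "rt-1") is not None,
             refresh_fixed(realm, "rt-1") is not None)
    return before, after
```

The same re-derivation should cover the user side as well (account disabled, role or group membership removed), since an offline session is by design long-lived and outlives most of the conditions that were true when it was issued.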
RedhatCVE
added 2025/10/23 12:17 a.m.

CVE-2025-62772

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...

CVSS 3.1, AI score 6.9, EPSS 0.00152
Exploits 0, References 1
SUSE Linux
added 2025/10/22 11:22 a.m.

Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues. Security issues fixed:
- CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger an assertion and cause a crash (bsc#1243958).
- CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low...

CVSS 6.9, AI score 7.1, EPSS 0.0032
Exploits 0, References 8
EUVD
added 2025/10/22 12:00 a.m.

EUVD-2025-35315

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...

CVSS 3.1, AI score 6.4, EPSS 0.00152
Exploits 0, References 3
Cvelist
added 2025/10/22 12:00 a.m.

CVE-2025-62772

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases...

CVSS 3.1, EPSS 0.00152
Exploits 0, References 2