DEBIAN-CVE-2025-37890

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report 1, we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...

CVE-2025-37890 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report 1, we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...

CVE-2024-52878

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

SUSE-SU-2025:1555-1 Security update for go1.22-openssl

This update for go1.22-openssl fixes the following issues: Update to version 1.22.12 bsc1218424: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name...

CVE-2024-52877

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVE-2024-52880

The connected PT-2025-17633 entry provides concrete fixes for Insyde InsydeH2O kernel vulnerabilities: affected kernel versions are 5.2–05.29.49, 5.3–05.38.49, 5.4–05.46.49, 5.5–05.54.49, 5.6–05.61.49, and 5.7–05.70.49. The root cause is that the SecureBootHandler in the VariableRuntimeDxe driver...

Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

GHSA-Q7C3-X7HM-QQ72 Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

Alibaba Cloud Linux 3 : 0282: gstreamer1-plugins-good (ALINUX3-SA-2024:0282)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0282 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-47537: GStreamer is a library for...

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

X.Org: Xwayland: Use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...

kernel: wifi: iwlwifi: mvm: fix 6 GHz scan construction

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8,...

kernel: net/iucv: Avoid explicit cpumask var allocation on stack

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack For CONFIGCPUMASKOFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

EulerOS 2.0 SP10 : freetype (EulerOS-SA-2025-1509)

According to the versions of the freetype package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font...

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

CVE-2025-37887 pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result

In the Linux kernel, the following vulnerability has been resolved: pdscore: handle unsupported PDSCORECMDFWCONTROL result If the FW doesn't support the PDSCORECMDFWCONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink...

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

CVE-2025-47424

CVE-2025-47424 affects Retool (self-hosted) prior to 3.196.0. The underlying issue is a Host header injection when BASE_DOMAIN is not set, allowing manipulation of the HTTP Host header. The vulnerability is described with a potential impact on confidentiality/integrity (per the CVSS metrics) and ...