OPENSUSE-SU-2025:20159-1 Security update for keylime

This update for keylime fixes the following issues: Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing the registration of agents with duplicate UUIDs bsc1254199. - CVE-2025-1057: registrar denial-of-service due to...

PT-2025-47583

Name of the Vulnerable Software and Affected Versions phpPgAdmin versions 7.13.0 and earlier Description phpPgAdmin versions 7.13.0 and earlier contain a SQL injection issue in the display.php file at line 396. The application directly uses user-provided input from the query parameter in the $...

CVE-2025-64484

OAuth2-Proxy is affected by a header smuggling vulnerability where authenticated users can exploit underscores in HTTP header names (e.g., X_Forwarded_For) to bypass upstream header filtering, potentially escalating privileges in the application behind the proxy. The issue occurs in deployments t...

WordPress Modern Events Calendar Plugin <= 7.12.1 is vulnerable to Server Side Request Forgery (SSRF)

Software Modern Events Calendar Type Plugin Vulnerable versions = 7.12.1 Fixed in 7.13.0 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-6522 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 2c1730c6aa47 Credits Foxyyy Required...

Elastic Kibana 7.13.0 < 7.17.16, 8.0 < 8.11.2 Information Disclosure (ESA-2023-27)

The version of the Elastic Kibana instance on the remote host is 7.13.0 prior to 7.17.16 or 8.0 prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability. In the event of an infrequent error returned from an Elasticsearch cluster, in cases where there is user...

Atlassian Jira 7.13.0 < 7.13.12 Improper Authorization In Workflowresource Class

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.13.12 , 8.0.0 prior to 8.4.3 or 8.5.0 prior to 8.5.2. It is, therefore, affected by a vulnerability which permits authenticated remote attackers who do not have...

Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...

Atlassian Jira 7.13.x < 7.13.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4 or 8.0.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers to inject arbitrary HTM...

Elastic Kibana URL Redirection Vulnerability (ESA-2021-12)

Elastic Kibana is prone to an URL redirection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana";...

CVE-2019-17337 TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting XSS attack. Affected releases are TIBCO Software Inc.'...