SUSE-SU-2025:20824-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...
Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggered...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2025:03268-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03268-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies c...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2025:03267-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03267-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to...
SUSE-SU-2025:03267-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...
SUSE-SU-2025:03198-1 Security update for curl
This update for curl fixes the following issues: Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably bsc1236589. - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attack...
PT-2023-23704 · Unknown · Monsterinsights Pro
Name of the Vulnerable Software and Affected Versions: MonsterInsights Pro versions prior to 8.14.1. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious...
Atlassian Jira 8.14.0 < 8.14.1 Mobile Site Leaks Titles Of Privately Linked Tickets
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.13.2 or 8.14.0 prior to version 8.14.1. It is, therefore, affected by a vulnerability which permits unauthenticated remote attackers to view custom field and custom...
CVE-2019-20101
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist//check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1...
CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...
Atlassian JIRA < 8.5.11 / 8.6.x < 8.13.3 / 8.14.x < 8.14.1 Information Disclosure (JRASERVER-72000)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by an information disclosure vulnerability. A remote, authenticated attacker can exploit this to enumerate Jira projects in the Jira Projects plugin report page. Note that...
Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...
Lookout Mobile Security contains a denial-of-service vulnerability
Overview: Lookout Mobile Security version 8.14.1-7fe5f1, and possibly earlier versions, contains a denial-of-service vulnerability. Description: Lookout Mobile Security version 8.14.1-7fe5f1 crashes if an intent is sent to com.lookout.security.ScanTell with no arguments. Impact: A malicious...