122 matches found
EUVD-2022-54933
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: initialize registers in nft_do_chain Initialize registers to avoid stack leak into userspace...
EUVD-2025-20204
Malicious code in bioql PyPI...
EUVD-2021-34662
Malicious code in bioql PyPI...
EUVD-2025-2619
Malicious code in bioql PyPI...
CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...
CVE-2025-37768
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE...
CVE-2024-58071 team: prevent adding a device which is already a team device lower
In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in...
CVE-2022-49122 dm ioctl: prevent potential spectre v1 gadget
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...
CVE-2024-56716 netdevsim: prevent bad user input in nsim_dev_health_break_write()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash...
CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors...
CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...
CVE-2024-40960
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe syzbot caught a NULL dereference in rt6_probe [1]. Bail out if in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 ...
CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities
Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices CVE-2024-20399,...
CVE-2024-35893 net/sched: act_skbmod: prevent kernel-infoleak
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: prevent kernel-infoleak syzbot found that tcf_skbmod_dump() was copying four bytes from kernel stack to user space [1]. The issue here is that 'struct tc_skbmod' has a four bytes hole. We need to clear the structur...
jewishvirtualreality.com Cross Site Scripting vulnerability OBB-3906594
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs
Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to the critical issues that organizations must tackle to ensure the robust securit...
CVE-2023-52435
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment Once again syzbot is able to crash the kernel in skb_segment [1]. GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment can reach it quite easily: mss = ms...
SUSE-SU-2024:0280-1 Security update for slurm_23_02
This update for slurm_23_02 fixes the following issues: Update to slurm 23.02.6: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) - CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level...
ringophone.com Cross Site Scripting vulnerability OBB-3837985
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...