Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorycriticalimportant

openSUSE: 2023:0036-1 Important: ovmf Insufficient Input Validation

An update that fixes one vulnerability is now available.. SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0036-1 Rating: important References: #1188371 Cross-References: CVE-2019-11098 CVSS scores: CVE-2019-11098 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-11098 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-36=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-36=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patchSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-36=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-36=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-36=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-36=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-36=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-36=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-36=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-36=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-36=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-36=1 Package List: - openSUSE Leap Micro 5.2 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 - SUSE Manager Server 4.2 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 - SUSE Manager Server 4.2 (x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Manager Retail Branch Server 4.2 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 - SUSE Manager Proxy 4.2 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 - SUSE Manager Proxy 4.2 (x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Linux Enterprise Server for SAP 15-SP3(noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Linux Enterprise Micro 5.2 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 - SUSE Linux Enterprise Micro 5.1 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ovmf-202008-150300.10.17.1 ovmf-tools-202008-150300.10.17.1 - SUSE Enterprise Storage 7.1 (noarch): qemu-ovmf-x86_64-202008-150300.10.17.1 qemu-uefi-aarch64-202008-150300.10.17.1 References: https://www.suse.com/security/cve/CVE-2019-11098.html https://bugzilla.suse.com/1188371 . SUSE Security Patch for ovmf (SUSE-SU-2023:0036-2) addresses a significant vulnerability. Complete setup guidelines are included.. ovmf update,SUSE security, patch instruction, critical fixes. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jan 06, 2023 Important OpenSUSE
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycriticaldebian

Debian 5.0 Lenny DSA-2060-1 Critical: Cacti SQL Injection Attack

Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA-2060-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Nico Golde June 13th, 2010 http://www.debian.org/security/faq - --------------------------------------------------------------------------- Package : cacti Vulnerability : insufficient input sanitization Problem type : remote Debian-specific: no Debian bug : 582691 CVE ID : CVE-2010-2092 Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value. For the stable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny3. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 0.8.7e-4. We recommend that you upgrade your cacti packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources fromthe footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 1117 bd9650c8f8a8cd1ab9bcf9385516948f Size/MD5 checksum: 37818 5a336fe8cf710c833521544c121827d2 Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f Architecture independent packages: Size/MD5 checksum: 1855976 a7f99b878d484cb6efaab85357b53b66 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . The Debian Security Notice DSA-2060-2 tackles vulnerabilities in cacti concerning SQL injection; ensure to update your packages for enhanced security.. cacti Monitoring, SQL Injection Fix, Debian Advisory, Input Sanitization. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 13, 2010 Critical Debian
Banner 2 1028x280 1708121730 1 1771599631
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebiancross site scripting

Debian 4.0: DSA-1568-1 Critical: B2evolution Scripting Flaws

"unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting.. - ------------------------------------------------------------------------Debian Security Advisory DSA-1568-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Thijs Kinkhorst May 05, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : b2evolution Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-0175 Debian Bug : 410568 "unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting. For the stable distribution (etch), this problem has been fixed in version 0.9.2-3+etch1. For the unstable distribution (sid), this problem has been fixed in version 0.9.2-4. We recommend that you upgrade your b2evolution (0.9.2-3+etch1) package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Source archives: Size/MD5 checksum: 14774 0513ba676280c394ab9494ccdfea35e5 Size/MD5 checksum: 2754129 6014a784ecc92a3a875e7ac69939047b Size/MD5 checksum: 882 3938cec5016aa5ac8c838ee668121832 Architecture independent packages: Size/MD5 checksum: 2818756 6174d72fee72c0f6ff6e4221344799cc These files will probably be moved into the stable distribution on its nextupdate. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA-1568-1 http://www.debian.org/security/ Thijs Kinkhorst May 05, 2008 htt. unsticky', b2evolution, engine, performs, insufficient, input, sanitising, allow. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 05, 2008 Critical Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryGentoohigh severity

Gentoo 200611-14 High: TORQUE Insecure File Creation Risk

TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: TORQUE: Insecure temproary file creation Date: November 20, 2006 Bugs: #152104 ID: 200611-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges. Background ========= TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-cluster/torque < 2.1.2-r2 > = 2.1.2-r2 Description ========== TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems with more permissive access rights to the spool directory are vulnerable. Impact ===== A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. This could lead to the execution of arbitrary code with elevated privileges. Workaround ========= Ensure that untrusted users don't have write access to the spool directory. Resolution ========= All TORQUE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-cluster/torque-2.1.2-r2" References ========= [ 1 ] CVE-2006-5677 https://www.cve.org/CVERecord?id=CVE-2006-5677 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200611-14 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo GLSA 202303-07 alerts users about a critical vulnerability in OpenSSH that may lead to severe security compromises.. Gentoo, TORQUE Exploit, System Safety, File Security, Code Execution. . LinuxSecurity.com Team

Calendar 2 Nov 21, 2006 Gentoo
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here