Explore top 10 tips to secure your open-source projects now. Read More
×An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cacti ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cacti fixes the following issues: - Update to version 1.2.30+git457.e55c2aea: * docs(changelog): add security fix refs for 1.2.31 (#7170) * fix: Upgrade DOMPurify again for additional hardening (#7168) * security: Ensure that reports does not work as guest (#7167) * Update translation files * security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages (#7166) * chore: Move around developers, rest in peace my friend (#7165) * Import undefined variable (#7164) * fix: guard api_plugin_moveup/movedown against NULL prior/next id (1.2.x backport) (#7158) * fix(correctness): loop-state leaks, chunk-aware poller CRC, header-suppression and tree false-guards (1.2.x) (#7151) * fix: Remove composer.lock (#7156) * test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153) * fix: CVE-2024-27355 in phpseclib (#7155) * chore: Update ChangeLogs (#7152) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-189=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): cacti-1.2.30+git457.e55c2aea-bp157.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-27355.html . Update for openSUSECacti resolves moderate security issue from CVE-2024-27355 and enhances software stability.. openSUSE security, Cacti update, CVE-2024-27355, software vulnerability, moderate severity. . Severity: moderate. LinuxSecurity.com Team
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cacti ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cacti fixes the following issues: - Update to version 1.2.30+git457.e55c2aea: * docs(changelog): add security fix refs for 1.2.31 (#7170) * fix: Upgrade DOMPurify again for additional hardening (#7168) * security: Ensure that reports does not work as guest (#7167) * Update translation files * security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages (#7166) * chore: Move around developers, rest in peace my friend (#7165) * Import undefined variable (#7164) * fix: guard api_plugin_moveup/movedown against NULL prior/next id (1.2.x backport) (#7158) * fix(correctness): loop-state leaks, chunk-aware poller CRC, header-suppression and tree false-guards (1.2.x) (#7151) * fix: Remove composer.lock (#7156) * test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153) * fix: CVE-2024-27355 in phpseclib (#7155) * chore: Update ChangeLogs (#7152) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-189=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): cacti-1.2.30+git457.e55c2aea-bp157.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-27355.html . A security update foropenSUSE provides a fix for a moderate risk issue in Cacti, addressing user enumeration vulnerabilities.. openSUSE security patch, Cacti security fix, PHPseclib update. . Severity: moderate. LinuxSecurity.com Team
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. (CVE-2024-38875) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before . MGASA-2025-0039 - Updated python-django packages fix security vulnerabilities Publication date: 05 Feb 2025 URL: https://advisories.mageia.org/MGASA-2025-0039.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-56374, CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231, CVE-2024-53907, CVE-2024-53908 An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. (CVE-2024-38875) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. (CVE-2024-39329) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (CVE-2024-39330) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. (CVE-2024-39614) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a stringrepresentation of a number in scientific notation with a large exponent. (CVE-2024-41989) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. (CVE-2024-41990) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. (CVE-2024-41991) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. (CVE-2024-42005) An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. (CVE-2024-45230) An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). (CVE-2024-45231) An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. (CVE-2024-53907) An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection ifuntrusted data is used as an lhs value. (CVE-2024-53908) An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (CVE-2024-56374) References: - https://bugs.mageia.org/show_bug.cgi?id=33919 - https://bugs.mageia.org/show_bug.cgi?id=33387 - https://bugs.mageia.org/show_bug.cgi?id=33507 - https://www.openwall.com/lists/oss-security/2024/07/09/3 - https://www.djangoproject.com/weblog/2024/jul/09/security-releases/ - https://openwall.com/lists/oss-security/2024/08/06/2 - https://www.openwall.com/lists/oss-security/2024/09/03/3 - https://openwall.com/lists/oss-security/2024/12/04/3 - https://www.openwall.com/lists/oss-security/2025/01/14/2 - https://ubuntu.com/security/notices/USN-7205-1 - https://www.cve.org/CVERecord?id=CVE-2024-56374 - https://www.cve.org/CVERecord?id=CVE-2024-38875 - https://www.cve.org/CVERecord?id=CVE-2024-39329 - https://www.cve.org/CVERecord?id=CVE-2024-39330 - https://www.cve.org/CVERecord?id=CVE-2024-39614 - https://www.cve.org/CVERecord?id=CVE-2024-41989 - https://www.cve.org/CVERecord?id=CVE-2024-41990 - https://www.cve.org/CVERecord?id=CVE-2024-41991 - https://www.cve.org/CVERecord?id=CVE-2024-42005 - https://www.cve.org/CVERecord?id=CVE-2024-45230 - https://www.cve.org/CVERecord?id=CVE-2024-45231 - https://www.cve.org/CVERecord?id=CVE-2024-53907 - https://www.cve.org/CVERecord?id=CVE-2024-53908 SRPMS: - 9/core/python-django-4.1.13-1.2.mga9 . Revised python-django libraries address several urgent vulnerabilities, notably risks of Denial of Service and unauthorized user enumeration.. Django Security, Mageia, Python Updates, Denial Of Service. . Severity: Critical. LinuxSecurity.com Team
* bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 . # Security update for python-Django Announcement ID: SUSE-SU-2024:3161-1 Rating: important References: * bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 * CVE-2024-45231 CVSS scores: * CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823) * CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3161=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3161=1 openSUSE-SLE-15.6-2024-3161=1 ## Package List: * SUSE Package Hub 15 15-SP6 (noarch) * python311-Django-4.2.11-150600.3.9.1 * openSUSE Leap 15.6 (noarch) * python311-Django-4.2.11-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45230.html * https://www.suse.com/security/cve/CVE-2024-45231.html * https://bugzilla.suse.com/show_bug.cgi?id=1229823 * https://bugzilla.suse.com/show_bug.cgi?id=1229824 . Notices regarding Django release tackle denial-of-service vulnerabilities alongside user enumeration concerns.Significant updates specific to SUSE environments.. python-Django Security Advisory, SUSE Linux Updates, Denial-of-Service Vulnerability. . Severity: Important. LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0282-1 Rating: important References: #1229823 #1229824 Cross-References: CVE-2024-45230 CVE-2024-45231 CVSS scores: CVE-2024-45230 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-45231 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Django fixes the following issues: * CVE-2024-45230: Fixed Potential denial-of-service vulnerability in django.utils.html.urlize() (boo#1229823) * CVE-2024-45231: Potential user email enumeration via response status on password reset (boo#1229824) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-282=1 Package List: References: https://www.suse.com/security/cve/CVE-2024-45230.html https://www.suse.com/security/cve/CVE-2024-45231.html https://bugzilla.suse.com/1229823 https://bugzilla.suse.com/1229824 . Urgent notice from openSUSE regarding the update of python-Django and potential security vulnerabilities.. python-Django security fix, openSUSE advisory, SLE-15-SP5 update. . Severity: Important. LinuxSecurity.com Team
* bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 . # Security update for python-Django Announcement ID: SUSE-SU-2024:3139-1 Rating: important References: * bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 * CVE-2024-45231 CVSS scores: * CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823) * CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3139=1 ## Package List: * openSUSE Leap 15.5 (noarch) * python3-Django-2.0.7-150000.1.33.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45230.html * https://www.suse.com/security/cve/CVE-2024-45231.html * https://bugzilla.suse.com/show_bug.cgi?id=1229823 * https://bugzilla.suse.com/show_bug.cgi?id=1229824 . SUSE-SU-2024:3140-2 resolves critical security vulnerabilities in python-Flask impacting openSUSE Leap 15.5.. python-django, openSUSE Leap, security advisory, software update, denial of service. . Severity: Important. LinuxSecurity.com Team
Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially allowing User Enumeration, Cross-Site-Scripting or Cross-Site Request Forgery. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3390-1
An update that fixes three vulnerabilities is now available. . openSUSE Security Update: Security update for nextcloud ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0089-1 Rating: moderate References: #1196905 #1196908 #1196952 Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 CVSS scores: CVE-2021-41239 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-41239 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-41241 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-41241 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User Status API (boo#1196905) - CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not obeyed for subfolders (boo#1196908) - CVE-2021-41741 (CWE-400): High memory usage for generating preview of broken image(boo#1196952) - For more changes see https://nextcloud.com/changelog/#21-0-9 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2022-89=1 Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch): nextcloud-21.0.9-37.1 nextcloud-apache-21.0.9-37.1 References: https://www.suse.com/security/cve/CVE-2021-41239.html https://www.suse.com/security/cve/CVE-2021-41241.html https://www.suse.com/security/cve/CVE-2021-41741.html https://bugzilla.suse.com/1196905 https://bugzilla.suse.com/1196908 https://bugzilla.suse.com/1196952 . New release addresses several vulnerabilities in Nextcloud, improving security measures and elevating overall platform efficiency.. Nextcloud Security Update, openSUSE Vulnerability Fix, Update Instructions. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.