April 2025 – Yet Another News Aggregator Channel

Security Scorecard’s Dr. Aleksandr Yampolskiy discusses securing what you don’t own with supply chain detection and response.SCM feed for Endpoint/Device

Security Vulns

April 30, 2025 Yanac

CVE-2024-13943 | Tesla Model S 7.1/2023.44.29/2024.2/2024.2.3 QCMAP_ConnectionManager sandbox (ZDI-25-262)

A vulnerability, which was classified as critical, was found in Tesla Model S 7.1/2023.44.29/2024.2/2024.2.3. Affected is an unknown function of

Month: April 2025

openSUSE 2025:1420-1 critical: redis denial of service patch

SUSE: 2025:1420-1 important: redis buffer overflow mitigated

SUSE Linux Server 15 SP5: 2025:1419-1 important: redis DoS issue

openSUSE: 2025:1419-1 important: redis denial of service patch

Debian 11: DLA-4145-1 urgent: expat XML parser vulnerability fix

Debian 11: DLA-4146-1 moderate: libxml2 out-of-bounds and heap overflow

CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation (Severity: MEDIUM)

CVE-2024-5920 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator (Severity: LOW)

RSAC 2025 executive interview: Security Scorecard’s Aleksandr Yampolskiy

CVE-2024-13943 | Tesla Model S 7.1/2023.44.29/2024.2/2024.2.3 QCMAP_ConnectionManager sandbox (ZDI-25-262)