2222 matches found
CVE-2025-39924
In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents. The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with...
UBUNTU-CVE-2025-39924
In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents. The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with...
CVE-2025-39924
The CVE-2025-39924 issue concerns the Linux kernel erofs subsystem: encoded extents with an invalid algorithm check. The problem was that the existing sanity checks did not properly apply to the new encoded extents, and the fix unifies the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX an...
CVE-2025-39924 erofs: fix invalid algorithm for encoded extents
In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents. The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with...
PT-2025-40098
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: The Linux kernel contains an issue within the erofs filesystem related to encoded extents. The algorithm sanity checks do not correctly apply to new encoded extents, leading to...
GE Multilin UR Family Inadequate Encryption Strength (CVE-2013-2566)
Prior to UR firmware Version 8.1x, UR supported various encryption and MAC algorithms for SSH communication, some of which are weak. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Red Teaming Quantum-Resistant Cryptographic Standards: A Penetration Testing Framework Integrating AI and Quantum Security
This study presents a structured approach to evaluating vulnerabilities within quantum cryptographic protocols, focusing on the BB84 quantum key distribution method and National Institute of Standards and Technology (NIST) approved quantum-resistant algorithms. By integrating AI-driven red teaming,...
security-guide-for-developers
This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.10), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.10) +49 more potentially affected by CVE-2025-10769 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)
ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.10 and more Source cves: CVE-2025-10769 Source advisory: SNYK:JAVA-AIH2O-13003701...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.10), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.10) +49 more potentially affected by CVE-2025-10768 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)
ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.10 and more Source cves: CVE-2025-10768 Source advisory: SNYK:JAVA-AIH2O-13003702...
SUSE-SU-2025:03268-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...
Security update for curl
This update for curl fixes the following issues: Security issues fixed: CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server...
Security update for curl
This update for curl fixes the following issues: Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: CVE-2025-0665: eventfd double close can cause libcurl to act unreliably bsc1236589. CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...
Imperva API Security: Authentication Risk Report—Key Findings & Fixes
An in-depth analysis of common JSON Web Token (JWT) mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs. Introduction: APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.10), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.10) +44 more potentially affected by CVE-2025-5662 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.7)
ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.10 and more Source cves: CVE-2025-5662 Source advisory: SNYK:JAVA-AIH2O-12485437...
CVE-2025-33102
IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
Weak Encryption
jose is vulnerable to weak encryption. The vulnerability is due to encryption algorithms that are claimed to not meet recommended security standards, which allows an attacker to potentially bypass intended cryptographic strength...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-debug-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by...
Linux Distros Unpatched Vulnerability : CVE-2024-26590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms ...
Botan C++ Crypto Algorithms Library 3.9.0
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...