3601 matches found
CVE-2025-52496
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...
CVE-2025-52496
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.1 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...
CLSA-2025-1751133506 Fix CVE(s): CVE-2025-21587, CVE-2025-30691, CVE-2025-30698
OpenJDK 8u452 release - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-April/019989.html...
CLSA-2025-1751133420 Fix CVE(s): CVE-2025-21587, CVE-2025-30691, CVE-2025-30698
Update to 8u452-ga fixing a number of CVEs - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-April/019989.html...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...
USN-7586-1: Botan vulnerabilities
It was discovered that Botan could have compiler dependent operations induced under certain circumstances. An attacker could possibly use this issue to cause undefined behavior. CVE-2024-50382, CVE-2024-50383 Bing Shi discovered that Botan did not limit the size of certain inputs when checking...
IDOL: Improved Different Optimization Levels Testing for Solidity Compilers
As blockchain technology continues to evolve and mature, smart contracts have become a key driving force behind the digitization and automation of transactions. Smart contracts greatly simplify and refine the traditional business transaction processes, and thus have had a profound impact on vario...
From Permissioned to Proof-of-Stake Consensus
This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the...
Tech-ASan: Two-Stage Check for Address Sanitizer
Address Sanitizer ASan is a sharp weapon for detecting memory safety violations, including temporal and spatial errors hidden in C/C++ programs during execution. However, ASan incurs significant runtime overhead, which limits its efficiency in testing large software. The overhead mainly comes fro...
OESA-2025-1629 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG:...
Security update for java-1_8_0-openj9
This update for java-180-openj9 fixes the following issues: CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 bsc1243429. CVE-2025-30698: Fixed 2D unauthorized data access and DoS bsc1241276. CVE-2025-30691: Fixed Compiler Unauthorized Data Access bsc1241275. CVE-2025-21587: Fixed unauthoriz...
Security Bulletin: A vulnerability in Babel affects IBM Robotic Process Automation and could result in inefficient regular expression complexity (CVE-2025-27789).
Summary A vulnerability in Babel affects IBM Robotic Process Automation and could result in inefficient regular expression complexity CVE-2025-27789. Babel is used by IBM Robotic Process Automation as part of it's UI framework. This security bulletin identifies the fixes required to resolve the...
Empirical Quantification of Spurious Correlations in Malware Detection
End-to-end deep learning exhibits unmatched performance for detecting malware, but such an achievement is reached by exploiting spurious correlations -- features with high relevance at inference time, but known to be useless through domain knowledge. While previous work highlighted that deep...
Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities
Summary IBM Data Product Hub has dependencies on IBM Semeru and Node.js Axios & Babel runtime modules, which are vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing...
CLSA-2025-1748629211 java-11-openjdk: Fix of 3 CVEs
Upgrade to openjdk-11.0.27+6 GA. The following CVEs were fixed: - CVE-2025-21587: fix TLS connection support to avoid unauthorized access to critical data - CVE-2025-30698: fix buffered image handling to avoid unauthorized access to accessible data - CVE-2025-30691: improve compiler...
SUSE-SU-2025:01565-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling bsc1243106 Other fixes: - Fixed GCC 15 compile time error bsc1241938 - Fix building with containerd 1.7.25+ bsc1237147 Full changelog:...
USN-7533-1 openjdk-17-crac vulnerabilities
Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An...