3601 matches found

Ubuntu
added 2025/05/06 3:14 a.m. | 59 views

USN-7482-1: OpenJDK 17 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00226
Exploits: 0
OSV
added 2025/05/06 3:12 a.m. | 0 views

USN-7481-1 openjdk-lts vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 11 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00226
Exploits: 0 | References: 4
OSV
added 2025/05/06 3:10 a.m. | 1 views

USN-7480-1 openjdk-8 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00226
Exploits: 0 | References: 4
SUSE CVE
added 2025/05/06 3:7 a.m. | 2 views

SUSE CVE-2022-49804

In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for current_stack_pointer Commit 30de14b1884b "s390: current_stack_pointer shouldn't be a function" made current_stack_pointer a global register variable like on many other architectures. Unfortunately...

CVSS 5.5 | AI score 7.6 | EPSS 0.00078
Exploits: 0 | References: 3
Packet Storm News
added 2025/05/05 12:0 a.m. | 4 views

Targeted Fuzzing for Unsafe Rust Code: Leveraging Selective Instrumentation

Rust is a promising programming language that focuses on concurrency, usability, and security. It is used in production code by major industry players and got recommended by government bodies. Rust provides strong security guarantees achieved by design utilizing the concepts of ownership and...

AI score 7.5
Exploits: 0
IBM Security Bulletins
added 2025/05/01 5:5 p.m. | 11 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

CVSS 9.8 | AI score 7.1 | EPSS 0.00212
Exploits: 1 | Affected Software: 1
Vulnrichment
added 2025/04/30 2:54 p.m. | 13 views

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

CVSS 2.7 | AI score 6.9 | EPSS 0.00119
Exploits: 0 | References: 3
CNNVD
added 2025/04/30 12:0 a.m. | 2 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.12, prior to 16.4.3, and prior to 16.8.0-rc-1, which stems from an improper check of the LESS compiler permissions...

CVSS 5.3 | AI score 6.4 | EPSS 0.00119
Exploits: 0 | References: 3
OSV
added 2025/04/29 1:35 p.m. | 12 views

SUSE-SU-2025:1399-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.27+6 April 2025 CPU CVEs: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data bsc1241274 + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access...

CVSS 7.4 | AI score 6.9 | EPSS 0.00226
Exploits: 0 | References: 7
Amazon
added 2025/04/29 12:0 a.m. | 3 views

Important: java-21-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6...

CVSS 7.4 | AI score 7.1 | EPSS 0.00226
Exploits: 0
OSV
added 2025/04/25 1:37 p.m. | 2 views

CLSA-2025-1745588218 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade to shenandoah-jdk8u452-b09 fixing the following CVEs: - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling...

CVSS 7.4 | AI score 7.1 | EPSS 0.00226
Exploits: 0 | References: 1
OSV
added 2025/04/25 1:36 p.m. | 4 views

CLSA-2025-1745588191 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade to shenandoah-jdk8u452-b09 fixing the following CVEs: - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling...

CVSS 7.4 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 1
OSV
added 2025/04/25 1:31 p.m. | 3 views

CLSA-2025-1745587859 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade to shenandoah-jdk8u452-b09 fixing the following CVEs: - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling...

CVSS 7.4 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 1
Patchstack
added 2025/04/25 7:50 a.m. | 8 views

WordPress Crossword Compiler Puzzles plugin <= 5.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by astra.r3verii in WordPress Plugin Crossword Compiler Puzzles versions <= 5.2...

CVSS 9.9 | AI score 8.2 | EPSS 0.0032
Exploits: 0 | Affected Software: 1
SUSE Linux
added 2025/04/22 12:8 p.m. | 2 views

Security update for orc

This update for orc fixes the following issues: CVE-2024-40897: Fixed stack-based buffer overflow inside the orc compiler when formatting error messages for certain input files bsc1228184. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 7 | AI score 7.8 | EPSS 0.00061
Exploits: 0 | References: 4
OSV
added 2025/04/22 12:8 p.m. | 1 views

SUSE-SU-2025:20272-1 Security update for orc

This update for orc fixes the following issues: - CVE-2024-40897: Fixed stack-based buffer overflow inside the orc compiler when formatting error messages for certain input files bsc1228184...

CVSS 7 | AI score 7.6 | EPSS 0.00061
Exploits: 0 | References: 3
Packet Storm News
added 2025/04/22 12:0 a.m. | 4 views

EFFACT: a Highly Efficient Full-Stack FHE Acceleration Platform

Fully Homomorphic Encryption (FHE) is a set of powerful cryptographic schemes that allows computation to be performed directly on encrypted data with an unlimited depth. Despite FHE's promising in privacy-preserving computing, yet in most FHE schemes, ciphertext generally blows up thousands of time...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/04/21 12:0 a.m. | 10 views

RHEL 8 / 9 : java-17-openjdk (RHSA-2025:3852)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3852 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security...

CVSS 7.4 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 6
Tenable Nessus
added 2025/04/21 12:0 a.m. | 34 views

RHEL 7 / 8 / 9 : java-11-openjdk ELS (RHSA-2025:3848)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3848 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This...

CVSS 7.4 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 6
Tenable Nessus
added 2025/04/21 12:0 a.m. | 10 views

RHEL 8 / 9 : java-21-openjdk (RHSA-2025:3855)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3855 advisory. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes...

CVSS 7.4 | AI score 6.7 | EPSS 0.00226
Exploits: 0 | References: 6