Azure Linux 3.0 Security Update: kernel (CVE-2025-38362)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38362 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check...

Azure Linux 3.0 Security Update: samba (CVE-2022-45141)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-45141 advisory. - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-14115

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

Exploit for Out-of-bounds Write in Msi Afterburner

VortexCry-Ransomware VortexCry is an advanced ransomware that...

GHSA-4H3H-63V6-88QX ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

Summary An integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. Details The bounds check ptr + fieldlength end in components/api/proto.cpp can overflow when a malicious client sends a large fieldlength value. This affects all...

ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

Summary An integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. Details The bounds check ptr + fieldlength end in components/api/proto.cpp can overflow when a malicious client sends a large fieldlength value. This affects all...

EUVD-2026-3306

ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component...

EUVD-2025-206308

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

Restore to AWS EC2 Fails with: "ClientError: Unknown OS / Missing OS files."

Challenge When restoring a VM to AWS EC2, the following error occurs: StatusMessage: "CLIENTERROR : ClientError: Unknown OS / Missing OS files." Cause This issue occurs because Amazon recently began encrypting disks upon creation, resulting in new disks containing random data rather than zeros...

On Implementing Hybrid Post-Quantum End-To-End Encryption

The emergence of quantum computing poses a fundamental threat to current public key cryptographic systems. This threat is necessitating a transition to quantum resistant cryptographic alternatives in all the applications. In this work, we present the implementation of a practical hybrid end-to-en...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-58743 Insecure Encryption Algorithms Enable Brute-Force Database Credential Access in Milner ImageDirector Capture

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-58743

CVE-2025-58743 affects Milner ImageDirector Capture on Windows. The root cause is use of a broken/des outdated DES algorithm in the Password class within C2SConnections.dll, enabling encryption brute-forcing to obtain database credentials. Affected versions are ImageDirector Capture 7.0.9.0 up to...

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

CVE-2025-14115

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

CVE-2025-14115

CVE-2025-14115 affects IBM Sterling Connect:Direct for UNIX Container. Concrete details from connected sources: vulnerable versions are 6.3.0.0 to 6.3.0.6_iFix016 and 6.4.0.0 to 6.4.0.3_iFix019. The root cause is hard-coded credentials used for inbound authentication, outbound communication, or i...