25410 matches found

CVE
added 2025/11/19 4:20 p.m., 8 views

CVE-2025-34337

Summary (CVE-2025-34337) The eGovFramework/egovframe-common-components package

CVSS 8.7, AI score 6.7, EPSS 0.00073
Exploits: 1, References: 5
Cvelist
added 2025/11/19 4:20 p.m., 5 views

CVE-2025-34337 eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

CVSS 8.7, EPSS 0.00073
Exploits: 1, References: 5
IBM Security Bulletins
added 2025/11/19 3:6 p.m., 6 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2025-9230 , CVE-2025-9232 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based...

CVSS 7.5, AI score 7.4, EPSS 0.00069
Exploits: 0, Affected Software: 1
SUSE CVE
added 2025/11/19 12:57 a.m., 3 views

SUSE CVE-2022-50341

In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR =...

CVSS 5.5, AI score 6.6, EPSS 0.00012
Exploits: 0, References: 4
CNNVD
added 2025/11/19 12:0 a.m., 1 views

egovframe-common-components Security Vulnerability

egovframe-common-components is a collection of commonly used functions open-sourced by the e-Government Standard Framework Center. A security vulnerability exists in egovframe-common-components version 4.3.1 and earlier, which stems from a design flaw in symmetric encryption that could lead to an...

CVSS 8.7, AI score 6.4, EPSS 0.00073
Exploits: 1, References: 6
Positive Technologies
added 2025/11/19 12:0 a.m., 2 views

PT-2025-47486

Name of the Vulnerable Software and Affected Versions eGovFramework/egovframe-common-components versions up to and including 4.3.1 Description The Web Editor image upload functionality within the software uses symmetric encryption for URL parameters but reveals an encryption oracle. This allows...

CVSS 8.7, AI score 6.5, EPSS 0.00073
Exploits: 1, References: 8
OSV
added 2025/11/18 3:44 p.m., 2 views

GO-2025-4123 Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go

Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go...

CVSS 7.5, AI score 6.8, EPSS 0.00029
Exploits: 1, References: 3
Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

Siemens RUGGEDCOM Devices Inadequate Encryption Strength (CVE-2021-37209)

The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. This plugin only works with...

CVSS 6.7, AI score 6.7, EPSS 0.00091
Exploits: 0, References: 5
Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

Siemens SIPROTEC Inadequate Encryption Strength (CVE-2024-38867)

The affected devices are supporting weak ciphers on several ports 443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS. This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports. This plugin only...

CVSS 8.2, AI score 7.1, EPSS 0.00105
Exploits: 0, References: 7
RedhatCVE
added 2025/11/17 8:9 p.m., 1 views

CVE-2025-63811

A flaw was found in jose2go. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

CVSS 7.5, AI score 6, EPSS 0.00029
Exploits: 1, References: 2
RedHat Linux
added 2025/11/17 3:32 p.m., 0 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVSS 7.5, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 4
CVE
added 2025/11/17 5:51 a.m., 6 views

CVE-2025-60022

The CVE-2025-60022 issue affects the iOS app デジラアプリ (versions prior to 80.10.00). Root cause: improper server certificate validation, enabling a MITM, which could allow eavesdropping or tampering of encrypted communications. Affected platforms: iOS, with impact on confidentiality/integrity as des...

CVSS 4.8, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 1
Fedora
added 2025/11/17 3:36 a.m., 11 views

[SECURITY] Fedora 41 Update: python-pdfminer-20240706-3.fc41

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

CVSS 8.6, AI score 6.4, EPSS 0.00119
Exploits: 1
Fedora
added 2025/11/17 2:59 a.m., 12 views

[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

CVSS 8.6, AI score 6.4, EPSS 0.00119
Exploits: 1
Fedora
added 2025/11/17 2:47 a.m., 11 views

[SECURITY] Fedora 43 Update: python-pdfminer-20251107-1.fc43

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

CVSS 8.6, AI score 6.4, EPSS 0.00119
Exploits: 1
Packet Storm News
added 2025/11/17 12:0 a.m., 4 views

A Fuzzy Logic-Based Cryptographic Framework for Real-Time Dynamic Key Generation for Enhanced Data Encryption

With the ever-growing demand for cybersecurity, static key encryption mechanisms are increasingly vulnerable to adversarial attacks due to their deterministic and non-adaptive nature. Brute-force attacks, key compromise, and unauthorized access have become highly common cyber threats. This resear...

AI score 6.8
Exploits: 0
CNNVD
added 2025/11/16 12:0 a.m., 1 views

ModulithShop Trust Management Issue Vulnerability

ModulithShop is an online shopping mall system from the individual developers of Shopsuite. ModulithShop suffers from a Trust Management Issue vulnerability that stems from misbehavior of the component RSA/OAuth2/Database, which could lead to hard-coded credentials...

CVSS 7.5, AI score 7.4, EPSS 0.00049
Exploits: 0, References: 5
Hive Pro Threat Advisories
added 2025/11/15 10:11 p.m., 7 views

7 Steps for Securing Generative AI in Enterprises

Think of your AI strategy like building a skyscraper. You wouldn't construct twenty floors and then try to figure out where the foundation should go. Security must be part of the blueprint from the very beginning. Bolting on security measures after an AI model is already in use is a recipe for...

CVSS 6.5, AI score 7.5, EPSS 0.91891
Exploits: 2
CNNVD
added 2025/11/15 12:0 a.m., 2 views

AVEVA Edge Encryption Issue Vulnerability

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from UK-based Jianwei Software AVEVA. AVEVA Edge suffers from an encryption issue vulnerability that stems from an attacker being able to reverse engineer an Edge user's application native password or Active Directory password by...

CVSS 8.4, AI score 6.6, EPSS 0.00008
Exploits: 0, References: 4
OSV
added 2025/11/14 8:33 p.m., 3 views

GHSA-R9X7-7GGJ-FX9F PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

Summary Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who can entice a victim to drag or...

CVSS 3.9, AI score 7.1, EPSS 0.00013
Exploits: 1, References: 4