CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2024-47408
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg. When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by an issue in OpenSSL (CVE-2024-2511)
Summary: An issue was identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the IBM i...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2023-6237 and CVE-2024-0727)
Summary: Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)
Summary: Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the...
Information Disclosure
IBM MQ is vulnerable to Information Disclosure. The vulnerability exists when the Advanced Message Security setup is enabled which can leak sensitive information through trace files...
IBM MQ Information Disclosure (6985837)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 6985837 advisory. - When Advanced Message Security setup is enabled, there is an issue with IBM MQ tracing logic that means sensitive data can be captured while IBM MQ trace is running...
Security Bulletin: IBM MQ trace can inadvertently trace sensitive data (CVE-2023-28950)
Summary When Advanced Message Security setup is enabled, an issue was identified with IBM MQ tracing logic that meant sensitive data could be captured while IBM MQ trace was running. This data would be stored in plaintext within the IBM MQ trace files. Vulnerability Details CVEID:CVE-2023-28950...
CVE-2022-47930
CVE-2022-47930 affects IO FinNet tss-lib prior to 2.0.0. The root cause is that the parameter ssid used to define a session id is not applied through the MPC implementation, and the Schnorr proof of knowledge in sch.go does not utilize a session id, context, or random nonce when generating the ch...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)
Summary: A buffer overflow issue was identified with OpenSSL, which IBM MQ 9.3.0 LTS on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which i...
CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...
Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an ASN.1 data. (CVE-2018-0739)
Summary IBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to execute a denial of service attack by sending specially crafted ASN.1 data. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. Vulnerability Details CVEID: CVE-2018-0739...
Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an IPAddressFamily extension in an X.509 certificate. (CVE-2017-3735)
Summary IBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only...
Combatting SMS and phone fraud: UK government issues guidance
The UK’s National Cyber Security Centre (NCSC) has published a guide to help make your organization's SMS and telephone messages effective and trustworthy. SMS and telephone calls represent an extremely effective means of mass communication. As such they are essential tools for most organizations,...
CVE-2021-33577
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...
Rocket.Chat cross-site scripting vulnerability
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions prior to Rocket.Chat 3.11, 3.10.5, 3.9.7, and 3.8.8 that allows remote attackers to inject arbitrary JavaScript into messages...
OPENSUSE-SU-2020:2062-1 Security update for krb5
This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)
Summary Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability where a malicious DLL, that is present in the Windows search path, could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executabl...