
5311 matches found

Malwarebytes
added 2025/03/03 1:50 p.m., 8 views

TikTok: Major investigation launched into platform’s use of children’s data

TikTok is the subject of yet another major investigation, reports BBC News. This time around, the UK’s Information Commissioner's Office (ICO) is going to look at how the data of 13 to 17-year-olds feeds the algorithm that decides what further content to show. The ICO introduced a children’s code f...

AI score: 7
Exploits: 0

Tenable Nessus
added 2025/03/03 12:00 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2010-3614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security...

CVSS: 6.4, AI score: 7.2, EPSS: 0.1692
Exploits: 0, References: 2

Veracode
added 2025/03/02 2:33 p.m., 3 views

Use Of A Broken Or Risky Cryptographic Algorithm

Easy-RSA is vulnerable to weak encryption algorithm usage. The vulnerability is due to insecure key generation due to the use of a weak default encryption algorithm when creating the private CA key with OpenSSL 3, and attackers can exploit this to more easily brute-force the CA private key and...

CVSS: 5.3, AI score: 5.1, EPSS: 0.00081
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/02/28 3:33 p.m., 2 views

OESA-2025-1208 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by...

CVSS: 8.1, AI score: 6.9, EPSS: 0.00184
Exploits: 0, References: 2

OSV
added 2025/02/28 3:33 p.m., 2 views

OESA-2025-1207 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by...

CVSS: 8.1, AI score: 6.9, EPSS: 0.00184
Exploits: 0, References: 2

BDU FSTEC
added 2025/02/27 12:00 a.m., 3 views

The vulnerability of the SSH protocol implementation in the software for managing Brocade SANnav networks allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SSH protocol’s software for managing SAN networks in Brocade SANnav systems is related to the use of the outdated cryptographic algorithm SHA-1. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by connecting to po...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00268
Exploits: 0, References: 2, Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:46 p.m., 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT. Vulnerability Details: CVEID: CVE-2024-31033. DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CWE: CWE-327: Use of a Broken or Risky...

CVSS: 6.8, AI score: 6.4, EPSS: 0.00776
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/02/26 6:44 p.m., 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details: CVEID: CVE-2024-33663. DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00307
Exploits: 1, Affected Software: 1

OSV
added 2025/02/26 7:01 a.m., 1 views

DEBIAN-CVE-2022-49627

In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree() for ima_algo_array to avoid the potential memory leak...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00246
Exploits: 0, References: 1

OSV
added 2025/02/26 7:01 a.m., 0 views

UBUNTU-CVE-2022-49627

In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree() for ima_algo_array to avoid the potential memory leak...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00246
Exploits: 0, References: 7

Vulnrichment
added 2025/02/26 2:23 a.m., 1 views

CVE-2022-49627 ima: Fix potential memory leak in ima_init_crypto()

In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree() for ima_algo_array to avoid the potential memory leak...

AI score: 6.1, EPSS: 0.00246
Exploits: 0, References: 4

CNNVD
added 2025/02/26 12:00 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ima_init_crypto() not freeing ima_algo_array when the allocation of a SHA1 tfm fails, which could lead to a memory...

CVSS: 5.5, AI score: 6, EPSS: 0.00246
Exploits: 0, References: 5

Tenable Nessus
added 2025/02/25 12:00 a.m., 5 views

Siemens SIMATIC Devices Linux Kernel Use of a Broken or Risky Cryptographic Algorithm (CVE-2022-1434)

When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication. This plugin only works with Tenable.ot. Please visit...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00961
Exploits: 0, References: 6

Tenable Nessus
added 2025/02/22 12:00 a.m., 11 views

openSUSE 15 Security Update : radare2 (openSUSE-SU-2025:0072-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0072-1 advisory. - CVE-2025-1378: Fixed memory corruption boo1237250 https://github.com/radareorg/radare2/releases/tag/5.9.0 Update to version 5.8.8: For details, check...

CVSS: 4.8, AI score: 5, EPSS: 0.00295
Exploits: 1, References: 4

SUSE CVE
added 2025/02/20 2:31 p.m., 2 views

SUSE CVE-2025-0509

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle's EdDSA signing checks...

CVSS: 7.3, AI score: 8.8, EPSS: 0.00849
Exploits: 0, References: 3

RedHat Linux
added 2025/02/19 1:00 a.m., 5 views

kernel: xfrm: fix one more kernel-infoleak in algo dumping

A vulnerability was found in the xfrm module in the Linux Kernel. This issue was discovered during fuzz testing, where uninitialized memory containing potentially sensitive data was inadvertently copied to user-space. This issue occurs when dumping IPsec algorithm data structures, exposing random...

CVSS: 5.5, AI score: 7.2, EPSS: 0.00252
Exploits: 0, References: 5

CNNVD
added 2025/02/19 12:00 a.m., 4 views

IBM Cognos Controller encryption issue vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from an encryption issue...

CVSS: 5.9, AI score: 6.3, EPSS: 0.00186
Exploits: 0, References: 1

AstraLinux
added 2025/02/11 7:35 a.m., 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ima: fixed the buffer overflow issue in ima_eventdigest_init_common. The function ima_eventdigest_init() calls ima_eventdigest_init_common(), using HASH_ALGO__LAST. This value is then used to access the array hash_digest_size, resulting in a buff...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00237
Exploits: 0, References: 3

CNNVD
added 2025/02/11 12:00 a.m., 2 views

Logsign Unified SecOps Platform authorization issue vulnerability

Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. used to collect, store, analyze, and respond to security data from a variety of sources. Logsign Unified SecOps Platform has an authorization issue vulnerability that stems from not properly implementing the...

CVSS: 9.8, AI score: 9.4, EPSS: 0.73327
Exploits: 0, References: 2

RedhatCVE
added 2025/02/09 8:24 p.m., 9 views

CVE-2025-25183

A flaw was found in the vllm package. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The impact of a collision would be using a cache that was generated using different content...

CVSS: 2.6, AI score: 3.4, EPSS: 0.00176
Exploits: 0, References: 9