The Biosig Project libbiosig ISHNE ECG Annotations file parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2232 The Biosig Project libbiosig ISHNE ECG Annotations file parsing heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53853 SUMMARY A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig...
jetty-annotations-9.4.58-1.1 on GA media (moderate)
jetty-annotations-9.4.58-1.1 on GA media Announcement ID: openSUSE-SU-2025:15483-1 Rating: moderate Cross-References: CVE-2025-5115 CVSS scores: CVE-2025-5115 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-5115 SUSE : 8.7...
OPENSUSE-SU-2025:15482-1 jetty-annotations-9.4.58-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.58-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in openseadragon-qtip-annotations (npm)
The package openseadragon-qtip-annotations was found to contain malicious code...
MAL-2025-28331 Malicious code in openseadragon-qtip-annotations (npm)
The package openseadragon-qtip-annotations was found to contain malicious code...
ROS-20250814-02
Ingress controller vulnerability in Kubernetes ingress-nginx cluster is related to errors in the processing of Ingress object annotations. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
USN-7687-1 poppler vulnerabilities
Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2022-27337 Kevin Backhouse discovere...
RHSA-2025:12283 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Bulletin has no description...
Oracle Linux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (ELSA-2025-12280)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12280 advisory. jackson-annotations 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-core 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-103636...
RHSA-2025:12281 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Bulletin has no description...
Important: Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Comm...
jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
jackson-annotations 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-core 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-103636 jackson-databind 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-jaxrs-providers 2.19.1-1 - Update to version 2.19.1 -...
ALSA-2025:12280 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
USN-7675-1 poppler vulnerability
Kevin Backhouse discovered that poppler incorrectly handled documents with a large number of annotations. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could use this issue to cause poppler to consume resources, leading to a denial of...
Security Bulletin: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations. This may cause an authorization bypass, which affects IBM watsonx.data
Summary Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized...
Spring Data JDBC and R2DBC 4.0 will support Composite IDs
I'm happy to announce that Spring Data JDBC and R2DBC finally support Composite IDs starting with version 4.0.0-M4. Most of you probably know, but just to make sure everyone has the same understanding: From the database point of view a composite id or composite key is a primary key that consists...
CVE-2025-38037 vxlan: Annotate FDB data races
In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as 1. Can be reproduced using 2. Suppress these reports by...
Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.
Summary Security Bulletin: Maximo AI Service Component uses Spring Security Aspects, which may not correctly locate method security annotations on private methods. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-41232...
jetty-annotations-9.4.57-1.1 on GA media (moderate)
jetty-annotations-9.4.57-1.1 on GA media Announcement ID: openSUSE-SU-2025:15160-1 Rating: moderate Cross-References: CVE-2024-13009 CVE-2024-6763 CVSS scores: CVE-2024-13009 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2024-6763 SUSE : 4.8...
OPENSUSE-SU-2025:15160-1 jetty-annotations-9.4.57-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.57-1.1 package on the GA media of openSUSE Tumbleweed...