
2557 matches found

Debian
added 2025/07/21 7:30 p.m., 8 views

[SECURITY] [DLA 4247-1] djvulibre security update

Debian LTS Advisory DLA-4247-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk July 21, 2025 https://wiki.debian.org/LTS -...

8.4 CVSS, 7.8 AI score, 0.00258 EPSS
Exploits: 2

Packet Storm News
added 2025/07/20 12:0 a.m., 1 view

Quantum Skyshield: Quantum Key Distribution and Post-Quantum Authentication for Low-Altitude Wireless Networks in Adverse Skies

Recently, low-altitude wireless networks (LAWNs) have emerged as a critical backbone for supporting the low-altitude economy, particularly with the densification of unmanned aerial vehicles (UAVs) and high-altitude platforms (HAPs). To meet growing data demands, some LAWN deployments incorporate...

7.1 AI score
Exploits: 0

RedhatCVE
added 2025/07/16 8:59 a.m., 7 views

CVE-2025-24391

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....

5.3 CVSS, 6.4 AI score, 0.0026 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/14 9:15 a.m., 6 views

CVE-2025-24391

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....

5.3 CVSS, 0.0026 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/07/14 8:15 a.m., 6 views

CVE-2025-24391 Possible user enumeration

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....

5.3 CVSS, 6.3 AI score, 0.0026 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/07/14 8:15 a.m., 8 views

CVE-2025-24391 Possible user enumeration

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....

5.3 CVSS, 0.0026 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/14 8:15 a.m., 17 views

CVE-2025-24391

OTRS exposes a user-enumeration flaw via its External Interface affecting OTRS 7.0.X, 8.0.X, 2023.X, 2024.X, and 2025.X. Attackers can infer valid email addresses from differing HTTP response codes/messages, per multiple sources (e.g., Red Hat, SUSE, PT-2025-29438). CVSS 3.1 impact: LOW confiden...

5.3 CVSS, 6.3 AI score, 0.0026 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/07/13 12:0 a.m., 3 views

Several New Classes of Self-Orthogonal Minimal Linear Codes Violating the Ashikhmin-Barg Condition

Whitepaper called Several New Classes Of Self-Orthogonal Minimal Linear Codes Violating The Ashikhmin-Barg Condition...

7 AI score
Exploits: 0

The Hacker News
added 2025/07/12 5:14 p.m., 7 views

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design...

7.2 AI score
Exploits: 0

OSV
added 2025/07/02 5:37 p.m., 4 views

DRUPAL-CONTRIB-2025-085

This module enables you to allow and/or require a second authentication method in addition to password authentication. The module does not sufficiently ensure that users with enhanced privileges are prevented from viewing recovery codes of other users. This vulnerability is mitigated by the fact...

6.5 CVSS, 7.1 AI score, 0.0021 EPSS
Exploits: 0, References: 1

OSV
added 2025/07/02 12:15 p.m., 4 views

CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be...

7.5 CVSS, 6.6 AI score
Exploits: 0, References: 2

OSV
added 2025/07/02 12:15 p.m., 0 views

UBUNTU-CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be...

7.5 CVSS, 7.3 AI score, 0.00142 EPSS
Exploits: 0, References: 3

CVE
added 2025/07/02 11:23 a.m., 90 views

CVE-2024-35164

CVE-2024-35164 affects Apache Guacamole guacd terminal emulator. The vulnerability arises when the terminal emulator does not properly validate console codes received from text-based protocols (e.g., SSH), allowing a malicious user with access to a text-based connection to craft console code sequ...

7.5 CVSS, 7.4 AI score, 0.00142 EPSS
Exploits: 0, References: 2, Affected Software: 1

AlpineLinux
added 2025/07/02 11:23 a.m., 1 view

CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be...

7.5 CVSS, 7.7 AI score, 0.00142 EPSS
Exploits: 0

Cvelist
added 2025/07/02 11:23 a.m., 6 views

CVE-2024-35164 Apache Guacamole: Improper input validation of console codes

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be...

6.8 CVSS, 0.00142 EPSS
Exploits: 0, References: 1

Talos Blog
added 2025/07/02 10:0 a.m., 8 views

PDFs: Portable documents, or perfect deliveries for phish?

Cisco recently developed and released an update to its brand impersonation detection engine for emails. This new update enhances detection coverage and includes a wider range of brands that are delivered using PDF payloads or attachments. A significant portion of email threats with PDF payloads...

6.5 AI score
Exploits: 0

Drupal
added 2025/07/02 12:0 a.m., 7 views

Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085

This module enables you to allow and/or require a second authentication method in addition to password authentication. The module does not sufficiently ensure that users with enhanced privileges are prevented from viewing recovery codes of other users. This vulnerability is mitigated by the fact...

6.5 CVSS, 5.7 AI score, 0.0021 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/07/01 2:53 p.m., 10 views

CVE-2025-53099 Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...

5.5 CVSS, 0.00318 EPSS
Exploits: 0, References: 8

vulnersOsv
added 2025/06/28 9:30 p.m., 5 views

com.apzda.cloud:apzda-cloud-gsvc-seata (>=1.2.22 <=3.4.0), io.xuxiaowei.seata:seata-server (>=2.1.0 <=2.2.0) +56 more potentially affected by CVE-2024-47552 +1 more via org.apache.seata:seata-config-core (>=2.1.0 <=2.2.0)

org.apache.seata:seata-config-core MAVEN version =2.1.0, =1.2.22, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.2.0 and more Source cves: CVE-2024-47552, CVE-2025-32897 Source advisory: OSV:GHSA-M964-FJRH-XXQ2...

9.8 CVSS, 7.4 AI score, 0.00523 EPSS
Exploits: 0

Packet Storm News
added 2025/06/21 12:0 a.m., 4 views

A Locally Differential Private Coding-Assisted Succinct Histogram Protocol

A succinct histogram captures frequent items and their frequencies across clients and has become increasingly important for large-scale, privacy-sensitive machine learning applications. To develop a rigorous framework to guarantee privacy for the succinct histogram problem, local differential...

6.4 AI score
Exploits: 0