Siemens SCALANCE and RUGGEDCOM Covert Timing Channel (CVE-2025-9231)

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

CVE-2017-18684

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 February 2017...

EUVD-2017-9775

Malware in sbrugna...

Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider

Impact Even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider by providing its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the...

CVE-2017-18684

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 February 2017...

Code injection

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 February 2017...