CVE-2025-48522
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
[SECURITY] [DLA 4292-1] clamav security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4292-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro September 04, 2025 https://wiki.debian.org/LTS -...
CLSA-2025-1756961235 nss: Fix of CVE-2023-5388
CVE-2023-5388: fix timing attack against RSA decryption in TLS r=jschanck...
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
...
Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
...
CVE-2025-33102
IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2020-11031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a...
IBM Concert Software encryption issue vulnerability
IBM Concert Software is application lifecycle risk identification software from International Business Machines (IBM). An encryption issue vulnerability exists in IBM Concert Software versions 1.0.0 through 1.1.0, which stems from a weak encryption algorithm that could lead to the decryption of...
PT-2025-35487
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software uses cryptographic algorithms that are weaker than expected, potentially allowing an attacker to decrypt sensitive information. Recommendations: Update IBM...
CVE-2025-7071
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...
CVE-2024-46917
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g.,...
Linux Distros Unpatched Vulnerability : CVE-2022-2031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt...
CVE-2024-46916
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file. This can allow code execution and, ...
CVE-2025-7383 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...
CVE-2024-46916
Diebold Nixdorf Vynamic Security Suite up to version 4.3.0 SR06 contains a vulnerability where a delete operation in /etc/rc.d/init.d/mountfs can remove critical system files (e.g., /etc/fstab) before the filesystem is mounted. This can lead to code execution and, in some versions, enable recover...
CVE-2024-46917
The CVE-2024-46917 entry concerns Diebold Nixdorf Vynamic Security Suite up to version 4.3.0 SR01. The vulnerability arises because integrity validation does not validate file attributes or the contents of the /root directory, enabling malicious actions. Reported impact includes code execution, r...