11 matches found
CLSA-2026-1777310722 openldap: Fix of 15 CVEs
CVE-2019-13565: SASL session encryption SSF not reset on new connection, allowing downgrade - CVE-2020-12243: slapd crash via deeply nested LDAP search filter boolean expressions - CVE-2020-25692: NULL pointer dereference in slapd during modRDN request - CVE-2020-25709: slapd assertion failure...
GHSA-82FM-WPC2-5PMP Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
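The hazard named in this entry, a "global SSL context downgrade", is that a skip-validation option meant for one component ends up disabling certificate checks for every TLS client in the process. The following is an added illustration, not Apache Storm's own code: Storm is Java and the advisory concerns a JVM-wide SSLContext, so this uses the Python analog, the common monkeypatch of ssl._create_default_https_context that urllib consults for every HTTPS connection. The function names here are assumptions for the demonstration.

```python
"""Global vs. scoped 'skip TLS validation', shown with Python's ssl module.

Added example (not Apache Storm code): demonstrates why a per-component
"skip TLS validation" switch must not be implemented by replacing the
process-wide default context.
"""
import ssl


def default_verification() -> bool:
    """True if HTTPS clients that rely on the process default (urllib etc.)
    currently verify the peer certificate and hostname."""
    ctx = ssl._create_default_https_context()
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def skip_validation_globally() -> None:
    """The anti-pattern: one component's option silently downgrades every
    HTTPS client in the process to no certificate validation at all."""
    ssl._create_default_https_context = ssl._create_unverified_context


def restore_global_default() -> None:
    """Undo the global downgrade (only possible here because we know it happened)."""
    ssl._create_default_https_context = ssl.create_default_context


def reporter_context(skip_tls_validation: bool) -> ssl.SSLContext:
    """The scoped alternative: the weakened context is built for, and handed
    only to, the one connection that asked for it. Nothing else changes."""
    if skip_tls_validation:
        return ssl._create_unverified_context()
    return ssl.create_default_context()


def demo() -> tuple:
    """Return (before, during_global_downgrade, after_restore, scoped_ctx_is_weak)."""
    before = default_verification()          # verification on
    skip_validation_globally()
    during = default_verification()          # every client downgraded
    restore_global_default()
    scoped = reporter_context(skip_tls_validation=True)
    after = default_verification()           # process default untouched
    return before, during, after, scoped.verify_mode == ssl.CERT_NONE


if __name__ == "__main__":
    print(demo())
```

The check a practitioner wants after enabling any "skip validation" knob is the one `default_verification()` performs: confirm that a context obtained the ordinary way still has `CERT_REQUIRED` and hostname checking, because a downgrade that leaked into the global default is invisible from the component's own configuration.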
CVE-2026-32309
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...
CVE-2026-32309
Cryptomator (hub-based unlock flow) is affected prior to version 1.19.1. The vault metadata may drive OAuth and key-loading traffic over plaintext HTTP or insecure endpoint schemes instead of HTTPS, enabling a network attacker to observe or tamper with traffic. Bearer tokens and endpoint-level tr...
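Both entries above describe the same root cause: endpoint URLs read from vault metadata are used as-is, so a `hub+http` or `http` scheme routes the OAuth and key-loading requests over plaintext. The following is an added example of the fail-closed check a Hub unlock client should apply before any request is made; it is not Cryptomator's code, and the JSON field names and the hypothetical `hub+https` scheme handling are assumptions for illustration.

```python
"""Refuse Hub unlock endpoints from vault metadata unless they are HTTPS.

Added example, not Cryptomator's own implementation. The metadata layout
below is constructed for the demonstration; the field names are assumptions.
"""
import json
from urllib.parse import urlparse

# Schemes acceptable for OAuth and key-loading traffic. Anything else
# (http, hub+http, file, ...) would expose bearer tokens to the network path.
ALLOWED_SCHEMES = {"https", "hub+https"}

# Endpoint fields the unlock flow consumes (assumed names).
ENDPOINT_KEYS = ("authEndpoint", "tokenEndpoint", "devicesResourceUrl")

# Constructed sample: two of three endpoints are plaintext.
SAMPLE_VAULT_CONFIG = json.dumps({
    "hub": {
        "clientId": "cryptomator",
        "authEndpoint": "http://hub.example.test/realms/x/protocol/openid-connect/auth",
        "tokenEndpoint": "https://hub.example.test/realms/x/protocol/openid-connect/token",
        "devicesResourceUrl": "hub+http://hub.example.test/api/devices/",
    }
})


class InsecureEndpoint(ValueError):
    """Raised when vault metadata would drive unlock traffic over plaintext."""


def check_endpoint(name: str, url: str) -> str:
    """Return the URL normalized to https://, or raise InsecureEndpoint."""
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise InsecureEndpoint(f"{name}: scheme {scheme!r} not allowed ({url})")
    if not parsed.hostname:
        raise InsecureEndpoint(f"{name}: no host in {url!r}")
    # Strip the hub+ prefix so the HTTP client only ever sees https://.
    return "https://" + url.split("://", 1)[1]


def insecure_endpoints(config_json: str) -> list:
    """Names of every endpoint that fails the check; empty list means safe."""
    hub = json.loads(config_json).get("hub", {})
    bad = []
    for key in ENDPOINT_KEYS:
        url = hub.get(key)
        if url is None:
            bad.append(key)          # a missing endpoint is also a failure
            continue
        try:
            check_endpoint(key, url)
        except InsecureEndpoint:
            bad.append(key)
    return bad


def load_hub_endpoints(config_json: str) -> dict:
    """Fail closed: refuse the whole unlock if any endpoint is not HTTPS."""
    bad = insecure_endpoints(config_json)
    if bad:
        raise InsecureEndpoint("refusing Hub unlock; insecure endpoints: " + ", ".join(bad))
    hub = json.loads(config_json)["hub"]
    return {key: check_endpoint(key, hub[key]) for key in ENDPOINT_KEYS}


if __name__ == "__main__":
    print(insecure_endpoints(SAMPLE_VAULT_CONFIG))
```

The check runs on the metadata before any OAuth redirect or token request is built, and it rejects the whole configuration rather than the single bad field: a vault whose token endpoint is HTTPS but whose device-key endpoint is not still leaks the bearer token.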
AMD Processors security vulnerability
AMD Processors are a series of processors developed by the American semiconductor company AMD. AMD Processors contain security vulnerabilities that stem from improper lock protection measures. These vulnerabilities may lead to firmware downgrades and loss of integrity. The following produc...
Debian dla-4290 : python3-h2 - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4290 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4290-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-6529
The WP VR WordPress plugin before 8.3.15 lacks authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...
CVE-2023-20082
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability CVE-2013-20003 to intercept and spoof traffic...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found: when an OpenSSL security provider is used with WildFly, the 'enabled-protocols' value in the WildFly configuration isn't honored. An attacker could target the traffic sent from WildFly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
USN-2308-1 openssl vulnerabilities
Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3505 Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS...