UBUNTU-CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...

AZL-61729 CVE-2024-47619 affecting package syslog-ng for versions less than 4.3.1-3

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

CVE-2025-45237

Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...

Do Not Enable the rsync Service

The rsync service can synchronize data between servers or between local drive partitions. However, information leakage risks exist because rsync uses non-encrypted transmission protocols. If the rsync service is enabled and data is transmitted between servers over the network, attackers can...

CVE-2025-45237

Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...

CVE-2025-45237

Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...

DEBIAN-CVE-2025-2545

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES 3DES cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...

CVE-2025-45237

Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...

Encrypted Federated Search Using Homomorphic Encryption

The sharing of information between agencies is effective in dealing with cross-jurisdictional criminal activities; however, such sharing is often restricted due to concerns about data privacy, ownership, and compliance. Towards this end, this work has introduced a privacy-preserving federated...

CVE-2025-45237

CVE-2025-45237 concerns DBSyncer v2.0.6 with an incorrect access control in the /config/download component. The issue could allow unauthenticated access to a JSON file that contains sensitive account information, including encrypted passwords. Impact is stated in sources as high confidentiality r...

PT-2025-19752 · Dbsyncer · Dbsyncer

Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6 Description: The issue is related to incorrect access control in the component /config/download of DBSyncer, allowing attackers to access a JSON file that contains sensitive account information, including the encrypted...

CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

CVE-2025-46626

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service...

CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

UBUNTU-CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

CVE-2023-53055 fscrypt: destroy keyring after security_sb_delete()

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

CVE-2023-53055 fscrypt: destroy keyring after security_sb_delete()

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

CVE-2025-46626

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service...

CVE-2025-46626

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service...