
5428 matches found

Fedora
added 2025/11/01 1:51 a.m., 7 views

[SECURITY] Fedora 42 Update: openbao-2.4.3-1.fc42

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5, AI score 7, EPSS 0.00047
Exploits: 0

Fedora
added 2025/11/01 1:13 a.m., 6 views

[SECURITY] Fedora 41 Update: openbao-2.4.3-1.fc41

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5, AI score 7, EPSS 0.00047
Exploits: 0

Fedora
added 2025/10/31 12:55 a.m., 5 views

[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS 7.5, AI score 7, EPSS 0.00047
Exploits: 0

EUVD
added 2025/10/28 5:49 p.m., 2 views

EUVD-2025-36551

Contrast has insecure LUKS2 persistent storage partitions may be opened and used...

AI score 6.5
Exploits: 0, References: 4

OSV
added 2025/10/28 5:49 p.m., 2 views

GHSA-F5P4-P5Q5-JV3H Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary: A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is (a) not authenticated and (b) supports null...

CVSS 5.7, AI score 6.6
Exploits: 0, References: 5

RedhatCVE
added 2025/10/28 12:27 a.m., 5 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

CVSS 7.5, AI score 7, EPSS 0.0551
Exploits: 1, References: 1

NVD
added 2025/10/27 8:15 p.m., 2 views

CVE-2025-58356

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening the partition with th...

CVSS 8.3, EPSS 0.00005
Exploits: 0, References: 4

NVD
added 2025/10/27 5:15 p.m., 7 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

CVSS 7.5, EPSS 0.0551
Exploits: 1, References: 3

OSV
added 2025/10/27 5:15 p.m., 3 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

CVSS 7.5, AI score 5.8, EPSS 0.0551
Exploits: 1, References: 3

EUVD
added 2025/10/27 12:00 a.m., 4 views

EUVD-2025-36214

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

AI score 6.6, EPSS 0.0551
Exploits: 1, References: 4

Tenable Nessus
added 2025/10/27 12:00 a.m., 5 views

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21844)

smb: client: Add check for next_buffer in receive_encrypted_standard. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503639; scriptversion"1.2";...

CVSS 5.5, AI score 7.4, EPSS 0.00017
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-11568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary...

CVSS 4.4, AI score 5.7, EPSS 0.00026
Exploits: 0, References: 4

CNNVD
added 2025/10/27 12:00 a.m., 3 views

Always Encrypted Kubernetes Data Forgery Vulnerability

Always Encrypted Kubernetes is open-source container encryption software from Edgeless Systems. A data forgery vulnerability exists in versions prior to Always Encrypted Kubernetes 2.24.0 that stems from insecure handling of the empty key slot algorithm, which could lead to unencrypted...

CVSS 8.3, AI score 9, EPSS 0.00005
Exploits: 0, References: 4

Vulnrichment
added 2025/10/27 12:00 a.m., 3 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

AI score 6.7, EPSS 0.0551
Exploits: 1, References: 3

CNNVD
added 2025/10/27 12:00 a.m., 2 views

Rocket TRUfusion Enterprise Security Vulnerability

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket USA. A security vulnerability exists in Rocket TRUfusion Enterprise version 7.10.4.0 and earlier, which stems from the use of a static key to create an encrypted cookie, which could lead to a forged cookie and acce...

CVSS 7.5, AI score 6.3, EPSS 0.0551
Exploits: 1, References: 4

CVE
added 2025/10/27 12:00 a.m., 11 views

CVE-2025-27223

TRUfusion Enterprise

CVSS 7.5, AI score 6.7, EPSS 0.0551
In wild, Exploits: 1, References: 3, Affected software: 1

Microsoft CVE
added 2025/10/25 9:01 p.m., 5 views

crypto: essiv - Check ssize for decryption and in-place encryption

...

CVSS 5.5, AI score 7, EPSS 0.00028
Exploits: 1

Debian CVE
added 2025/10/24 11:44 a.m., 4 views

CVE-2025-40019

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption. Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption...

AI score 5.1, EPSS 0.00028
Exploits: 1

EUVD
added 2025/10/24 12:30 a.m., 3 views

EUVD-2025-35742

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

CVSS 7.3, AI score 6.5, EPSS 0.00017
Exploits: 0, References: 5

Cvelist
added 2025/10/23 9:51 p.m., 4 views

CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question...

CVSS 7.3, EPSS 0.00017
Exploits: 0, References: 4