RHEL 10 : podman (RHSA-2026:17040)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17040 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

Apache Tomcat 9.0.92 < 9.0.117 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.117. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.117security-9 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin...

GHSA-QCMW-8MM4-4P28 Antrea has Missing Encryption of Sensitive Data

Impact This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...

OESA-2026-1749 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

Restore to AWS EC2 Fails with: "ClientError: Unknown OS / Missing OS files."

Challenge When restoring a VM to AWS EC2, the following error occurs: StatusMessage: "CLIENTERROR : ClientError: Unknown OS / Missing OS files." Cause This issue occurs because Amazon recently began encrypting disks upon creation, resulting in new disks containing random data rather than zeros...

CVE-2023-40440

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted...

CVE-2019-18238

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...

CVE-2023-49927

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not...

CVE-2023-25957

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions = V1.16.4 = V2.2.0 = V3.1.9 = V3.1.8 = V3.1.9 = V3.1.8 V3.2.6. The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass...

CVE-2023-50257

eProsima Fast DDS formerly Fast RTPS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data pUD and guid values used to disconnect between nodes are not encrypted, a vulnerability has be...

CVE-2022-31044

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets that stems from a possible encryption issue when encrypting license data...

Kentico Xperience 加密问题漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a security vulnerability that can be exploited by an attacker to cause URL hashes to be tampered with...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

The US Won't Sanction China for Salt Typhoon Hacking

Plus: Officials warn of a disturbingly stealthy Chinese malware specimen, a CISA nomination stalls, and more...

Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.51 fixes various security issues The following security issues were fixed: CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow bsc1242882. CVE-2025-38500: xfrm: interface: fix use-after-free after changing collectmd xfrm...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Inside Track 加密问题漏洞

Inside Track is a horse racing betting engine by the individual developer Lumina Mescuwa. Inside Track suffers from an encryption issue vulnerability that stems from the VDF encryption system not enforcing a sequential delay, which could lead to immediate decryption...

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2025-9230 , CVE-2025-9232 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based...

SUSE CVE-2022-50341

In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR =...