RHEL 10 : podman (RHSA-2026:20570)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20570 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...
Unbreakable Enterprise kernel security update: Dirty Frag
6.12.0-201.74.2.3 - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Hyunwoo Kim Orabug: 39342689 CVE-2026-43500 - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets David Howells Orabug: 39342689 - rxrpc: only handle RESPONSE during service challenge Wang Jie...
RockyLinux 9 : skopeo (RLSA-2026:3340)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3340 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
keycloak: Keycloak TLS Client-Initiated Renegotiation Denial of Service
A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable...
EUVD-2001-0160
Malware in sbrugna...
EUVD-2024-49186
Malicious code in bioql PyPI...
EUVD-2022-1450
Malicious code in bioql PyPI...
BMC Control-M Security Vulnerability
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A memory corruption vulnerability exists in BMC Control-M that stems from misconfiguration of SSL/TLS communication; no details of the vulnerability are provided a...
CLSA-2025-1756203636 java-11-openjdk: Fix of 5 CVEs
Upgrade to openjdk-11.0.28+6 GA. The following CVEs were fixed: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50059: improve HTTP client header handling - CVE-2025-50106: better Glyph drawing redux...
CVE-2022-24759
@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...
CVE-2023-7005
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field...
CVE-2023-7005
CVE-2023-7005 affects the TTLock ecosystem (TTLock App and Sciener firmware components) with a flaw where a specially crafted message to the TTLock App downgrades the cryptographic protocol used for communication and can disclose the unlockKey. The vulnerability is tied to how the app/lock pairin...
CVE-2024-8452
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially...
CVE-2024-8452
CVE-2024-8452 affects PLANET Technology switch models where SNMPv3 authentication/encryption rely on obsolete algorithms, enabling potential exposure of plaintext SNMPv3 credentials. The vulnerability is rooted in the SNMPv3 service cryptographic choices and is described with a high impact to con...
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app from the ground up, in close...
PT-2023-2800 · Mozilla +9 · Thunderbird +9
Name of the Vulnerable Software and Affected Versions: Thunderbird versions 68 through 102.9.1 Thunderbird versions prior to 102.10 Description: The issue is related to the implementation of the S/MIME protocol in the Thunderbird email client, specifically with errors in resource release. When...
SUSE CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
SUSE CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...
Ubuntu: Security Advisory (USN-5371-2)
The remote host is missing an update for the...