UBUNTU-CVE-2025-40056
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copy_to_iter return value check The return value of copy_to_iter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values...
[SECURITY] [DSA 6039-1] openjdk-25 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6039-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 26, 2025 https://www.debian.org/security/faq -...
Debian dsa-6039 : openjdk-25-dbg - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6039 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6039-1 [email protected] https://www.debian.org/securit...
Debian dsa-6037 : openjdk-21-dbg - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6037 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6037-1 [email protected] https://www.debian.org/securit...
EUVD-2012-2945
Malware in sbrugna...
EUVD-2005-4728
Malware in sbrugna...
drm/vc4: don't check if plane->state->fb == state->fb
...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
CVE-2025-54336
CVE-2025-54336 (Plesk Obsidian 18.0.70) is a vulnerability where _isAdminPasswordValid uses a weak == comparison in admin/plib/LoginManager.php, enabling authentication bypass if the correct password has the form "0e" followed by digits. This can let an attacker log in with strings evaluating to ...
Private Rate-Constrained Optimization with Applications to Fair Learning
Many problems in trustworthy ML can be formulated as minimization of the model error under constraints on the prediction rates of the model for suitably-chosen marginals, including most group fairness constraints (demographic parity, equality of odds, etc.). In this work, we study such constrained...
CVE-2005-4735
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817...
Rapid7 Recognized with Top Score of 100 in 2025 Corporate Equality Index
On January 7, the Human Rights Campaign Foundation released their 2025 Corporate Equality Index (CEI), where Rapid7 earned a top score of 100. The CEI is the nation’s leading benchmark for LGBTQ+ workforce equality, evaluating policies and practices in areas such as non-discrimination, equitable...
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
Timing Attack
basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...
CVE-2024-47178
The CVE-2024-47178 issue affects basic-auth-connect (
CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...
SUSE CVE-2024-46738
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove When removing a resource from vmci_resource_table in vmci_resource_remove, the search is performed using the resource handle by comparing context and resource...
RHEL 5 : ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...
BIT-DRUPAL-2022-29248 Cross-domain cookie leakage in Guzzle
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...
PT-2023-31477 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink versions 1.9.20 and earlier Description: The issue allows type juggling for authentication bypass because the === operator is not used. This can lead to unauthorized access. Recommendations: For versions 1.9.20 and earlier, consider...