PT-2025-28278 · Sap Se · Sap Netweaver App Server Abap & Abap Platform

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code HMAC credential, extracted from a system missing specific security patches, is reused in a repla...

CLSA-2025-1751895517 krb5: Fix of CVE-2025-3576

CVE-2025-3576: possible spoofing of GSSAPI-protected messages using RC4-HMAC-MD5...

CLSA-2025-1751892444 krb5: Fix of CVE-2025-3576

CVE-2025-3576: possible spoofing of GSSAPI-protected messages using RC4-HMAC-MD5...

SAP NetWeaver ABAP Server和SAP ABAP Platform 安全漏洞

SAP NetWeaver ABAP Server and SAP ABAP Platform are both products of SAP, Germany.SAP NetWeaver ABAP Server is a Web application server used as an SAP product.SAP ABAP Platform is an ABAP-based SAP SAP NetWeaver ABAP Server is a Web application server for SAP products. A security vulnerability...

USN-7582-2: Samba regression

USN-7582-1 fixed vulnerabilities in Samba. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker...

ALSA-2025:9418 Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

krb5 security update

1.21.1-8.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.21.1-9 - Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-88704 - Don't issue RC4 session keys by default CVE-2025-3576 Resolves: RHEL-88048 - Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-82647 1.21.1-7 -...

DEBIAN-CVE-2025-49133

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

AZL-63702 CVE-2025-49133 affecting package libtpms for versions less than 0.9.6-8

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

CVE-2025-49133

The CVE-2025-49133 entry affects libtpms, a TPM functionality library for virtual machines, with a flaw in CryptHmacSign that pairs signKey (ALG_KEYEDHASH) with inScheme (ECC/RSA) leading to an out-of-bounds read. The issue can be triggered by sending malicious TPM 2.0 commands to a vTPM (swtpm) ...

CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

Fedora 42 : bluez / iwd / libell (2025-35347bf9f0)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-35347bf9f0 advisory. bluez 5.80: Fix issue with handling address type for all types of keys. Fix issue with handling maximum number of GATT channels. Fix issue with...

Timing Side-channel Attack

signxml is vulnerable to a Timing side-channel attack. The vulnerability is due to information leakage during HMAC comparison when requirex509=False and hmackey is used, allowing attackers to infer the correct HMAC...

Algorithm Confusion

signxml is vulnerable to an Algorithm Confusion. The vulnerability is due to Improper enforcement of signature algorithm restrictions are not properly enforced when hmackey is set and requirex509 is disabled, allowing an attacker to bypass verification by using a different signing algorithm inste...

CVE-2025-20989

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...

Fedora 43 : krb5 (2025-1c915db8a5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-1c915db8a5 advisory. Automatic update for krb5-1.21.3-6.fc43. Changelog Wed Jun 4 2025 Julien Rische - 1.21.3-6 - Do not block HMAC-MD4/5 in FIPS mode Resolves: rhbz2370259 -...

GHSA-6VX8-PCWV-XHF4 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...

SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...

GHSA-GMHF-GG8W-JW42 SignXML's signature verification with HMAC is vulnerable to a timing attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing...

SignXML's signature verification with HMAC is vulnerable to a timing attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing...