
9092 matches found

Tenable Nessus
added 2025/09/29 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-59432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication...

CVSS 8.7, AI score 6, EPSS 0.00099
Exploits 0, References 4
CNVD
added 2025/09/28 12:0 a.m., 2 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23286)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoulli_p decomposition function and the CPU implementation; no details of the vulnerability are provided at this time...

CVSS 5.3, AI score 6.6, EPSS 0.00143
Exploits 0, References 1
Snyk
added 2025/09/25 9:30 p.m., 1 views

Missing Release of Memory after Effective Lifetime

Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the StructuredContents API endpoint. An attacker can exhaust system memory resources by repeated...

CVSS 7.5, AI score 7, EPSS 0.00141
Exploits 0, References 2
OSV
added 2025/09/25 3:16 p.m., 4 views

UBUNTU-CVE-2025-46153

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True...

CVSS 5.3, AI score 7.2, EPSS 0.00143
Exploits 0, References 7
RedhatCVE
added 2025/09/25 2:53 a.m., 3 views

CVE-2025-59484

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

CVSS 8.7, AI score 7, EPSS 0.00023
Exploits 0, References 1
Positive Technologies
added 2025/09/25 12:0 a.m., 2 views

PT-2025-45395

Name of the Vulnerable Software and Affected Versions: Google Chrome (affected versions not specified). Description: An issue in Google Chrome may allow attackers to affect the system. The root cause is an inappropriate implementation in Views. This affects Microsoft Edge (Chromium-based) as it ingests...

CVSS 8.8, AI score 5.2, EPSS 0.00129
Exploits 2, References 83
SUSE CVE
added 2025/09/23 11:23 p.m., 1 views

SUSE CVE-2025-59432

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 6.8, AI score 7, EPSS 0.00099
Exploits 0, References 6
Positive Technologies
added 2025/09/23 12:0 a.m., 3 views

PT-2025-39225

Name of the Vulnerable Software and Affected Versions: Click Plus PLC firmware version 3.60. Description: An issue was found in the Click Plus PLC firmware version 3.60 related to the use of a weak cryptographic algorithm. The software utilizes an insecure implementation of the RSA encryption...

CVSS 8.7, AI score 6.3, EPSS 0.00023
Exploits 0, References 6
RedHat Linux
added 2025/09/22 9:48 p.m., 2 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

CVSS 8.2, AI score 7, EPSS 0.00122
Exploits 1, References 6
OSV
added 2025/09/22 8:15 p.m., 0 views

UBUNTU-CVE-2025-59432

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, AI score 5.9, EPSS 0.00099
Exploits 0, References 5
Vulnrichment
added 2025/09/22 7:22 p.m., 4 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, AI score 6.6, EPSS 0.00099
Exploits 0, References 3
Cvelist
added 2025/09/22 7:22 p.m., 7 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, EPSS 0.00099
Exploits 0, References 3
OSV
added 2025/09/22 7:22 p.m., 3 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, AI score 6.7, EPSS 0.00099
Exploits 0, References 5
CVE
added 2025/09/22 7:22 p.m., 29 views

CVE-2025-59432

SCRAM timing attack (CVE-2025-59432) affects the SCRAM Java implementation prior to v3.2 due to using Arrays.equals to compare secret values, causing variable execution time. It can enable a timing side‑channel to infer authentication material. The issue is mitigated by using constant-time compar...

CVSS 8.7, AI score 6.6, EPSS 0.00099
Exploits 0, References 3
CNNVD
added 2025/09/22 12:0 a.m., 1 views

SCRAM Java Implementation Security Vulnerability

SCRAM Java Implementation is an open source Java implementation library for SCRAM by OnGres Inc. A security vulnerability exists in SCRAM Java Implementation versions prior to 3.2, which stems from the use of Arrays.equals for sensitive value comparisons, and could lead to a timing side channel...

CVSS 8.7, AI score 6.2, EPSS 0.00099
Exploits 0, References 5
Gitee
added 2025/09/20 12:44 a.m., 392 views

Binwalk

This is an implementation of the Binwalk firmware analysis tool in Rust, written for speed and accuracy. Binwalk can identify and optionally extract files and data embedded inside other files, with a focus on firmware analysis. It supports a wide variety of file and data types and can even help...

AI score 7
Exploits 0
Fedora
added 2025/09/18 12:58 a.m., 4 views

[SECURITY] Fedora 42 Update: perl-Cpanel-JSON-XS-4.40-1.fc42

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

CVSS 5.6, AI score 6.6, EPSS 0.00092
Exploits 0
Fedora
added 2025/09/17 12:16 a.m., 7 views

[SECURITY] Fedora 43 Update: perl-JSON-XS-4.04-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

CVSS 7.5, AI score 6.9, EPSS 0.00209
Exploits 0
Github Security Blog
added 2025/09/16 10:20 p.m., 6 views

Timing Attack Vulnerability in SCRAM Authentication

Impact: A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how...

CVSS 8.7, AI score 7, EPSS 0.00099
Exploits 0, References 5, Affected Software 1
Snyk
added 2025/09/16 6:31 p.m., 3 views

Unchecked Input for Loop Condition

Overview: com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the XML-RPC due to unchecked input in the loop condition. An attacker can exhaust system resources by sending specially...

CVSS 7.5, AI score 6.7, EPSS 0.00224
Exploits 0, References 2