Lucene search

9136 matches found

Microsoft CVE
added 2025/09/29 1:1 a.m., 7 views

Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

...

CVSS 3.7, AI score 7, EPSS 0.00331
Exploits: 0

Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication...

CVSS 8.7, AI score 6, EPSS 0.00835
Exploits: 0, References: 4

Packet Storm News
added 2025/09/29 12:0 a.m., 3 views

Mapping Quantum Threats: An Engineering Inventory of Cryptographic Dependencies

The emergence of large-scale quantum computers, powered by algorithms like Shor's and Grover's, poses an existential threat to modern public-key cryptography. This vulnerability stems from the ability of these machines to efficiently solve the hard mathematical problems - such as integer...

AI score 6.9
Exploits: 0

CNNVD
added 2025/09/29 12:0 a.m., 3 views

Go implementation of Fast Finality in Filecoin security vulnerability

Go implementation of Fast Finality in Filecoin is a Golang library for a fast validation mechanism open-sourced by Filecoin. A security vulnerability exists in Go implementation of Fast Finality in Filecoin version 0.8.8 and earlier, which stems from the validation result caching mechanism not...

CVSS 6.5, AI score 8.9, EPSS 0.00223
Exploits: 0, References: 2

Positive Technologies
added 2025/09/29 12:0 a.m., 5 views

PT-2025-39916

Name of the Vulnerable Software and Affected Versions: go-f3 versions 0.8.8 and below. Description: go-f3’s justification verification caching mechanism improperly caches verification results without considering the message context. An attacker can bypass justification verification by submitting a...

CVSS 9.9, AI score 6.6, EPSS 0.02829
Exploits: 11, References: 48

CNVD
added 2025/09/28 12:0 a.m., 2 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23286)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoulli_p decomposition function and the CPU implementation. No details of the vulnerability are provided at this time...

CVSS 5.3, AI score 6.6, EPSS 0.00391
Exploits: 0, References: 1

Snyk
added 2025/09/25 9:30 p.m., 3 views

Missing Release of Memory after Effective Lifetime

Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the StructuredContents API endpoint. An attacker can exhaust system memory resources by repeated...

CVSS 7.5, AI score 7, EPSS 0.00312
Exploits: 0, References: 2

OSV
added 2025/09/25 3:16 p.m., 5 views

UBUNTU-CVE-2025-46153

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True...

CVSS 5.3, AI score 7.2, EPSS 0.00391
Exploits: 0, References: 7

RedhatCVE
added 2025/09/25 2:53 a.m., 6 views

CVE-2025-59484

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

CVSS 8.7, AI score 7, EPSS 0.00115
Exploits: 0, References: 1

Positive Technologies
added 2025/09/25 12:0 a.m., 3 views

PT-2025-45395

Name of the Vulnerable Software and Affected Versions: Google Chrome, affected versions not specified. Description: An issue in Google Chrome may allow attackers to affect the system. The root cause is an inappropriate implementation in Views. This affects Microsoft Edge Chromium-based as it ingests...

CVSS 8.8, AI score 5.2, EPSS 0.06806
Exploits: 2, References: 83

SUSE CVE
added 2025/09/23 11:23 p.m., 3 views

SUSE CVE-2025-59432

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 6.8, AI score 7, EPSS 0.00835
Exploits: 0, References: 6

Positive Technologies
added 2025/09/23 12:0 a.m., 6 views

PT-2025-39225

Name of the Vulnerable Software and Affected Versions: Click Plus PLC firmware version 3.60. Description: An issue was found in the Click Plus PLC firmware version 3.60 related to the use of a weak cryptographic algorithm. The software utilizes an insecure implementation of the RSA encryption...

CVSS 8.7, AI score 6.3, EPSS 0.00115
Exploits: 0, References: 6

RedHat Linux
added 2025/09/22 9:48 p.m., 4 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

CVSS 8.2, AI score 7, EPSS 0.00979
Exploits: 1, References: 6

OSV
added 2025/09/22 8:15 p.m., 2 views

UBUNTU-CVE-2025-59432

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, AI score 5.9, EPSS 0.00835
Exploits: 0, References: 5

Cvelist
added 2025/09/22 7:22 p.m., 8 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, EPSS 0.00835
Exploits: 0, References: 3

CVE
added 2025/09/22 7:22 p.m., 41 views

CVE-2025-59432

SCRAM timing attack (CVE-2025-59432) affects the SCRAM Java implementation prior to v3.2 due to using Arrays.equals to compare secret values, causing variable execution time. It can enable a timing side‑channel to infer authentication material. The issue is mitigated by using constant-time compar...

CVSS 8.7, AI score 6.6, EPSS 0.00835
Exploits: 0, References: 3

Vulnrichment
added 2025/09/22 7:22 p.m., 6 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, AI score 6.6, EPSS 0.00835
Exploits: 0, References: 3

OSV
added 2025/09/22 7:22 p.m., 4 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7, AI score 6.7, EPSS 0.00835
Exploits: 0, References: 5

CNNVD
added 2025/09/22 12:0 a.m., 2 views

SCRAM Java Implementation security vulnerability

SCRAM Java Implementation is an open source Java implementation library for SCRAM by OnGres Inc. A security vulnerability exists in SCRAM Java Implementation versions prior to 3.2, which stems from the use of Arrays.equals for sensitive value comparisons, and could lead to a timing side channel...

CVSS 8.7, AI score 6.2, EPSS 0.00835
Exploits: 0, References: 5

Gitee
added 2025/09/20 12:44 a.m., 399 views

Binwalk

This is an implementation of the Binwalk firmware analysis tool in Rust, written for speed and accuracy. Binwalk can identify and optionally extract files and data embedded inside other files, with a focus on firmware analysis. It supports a wide variety of file and data types and can even help...

AI score 7
Exploits: 0