Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network...
[SECURITY] Fedora 42 Update: kea-2.6.3-1.fc42
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...
Microsoft Dynamics 365 FastTrack Implementation Security Vulnerability
Microsoft Dynamics 365 FastTrack Implementation is a planning software from Microsoft Corporation USA that helps in the successful implementation of large and complex Dynamics 365 projects. A security vulnerability exists in Microsoft Dynamics 365 FastTrack Implementation that stems from the...
PT-2025-26260 · Microsoft · Dynamics 365 Fasttrack Implementation Assets
Name of the Vulnerable Software and Affected Versions: Dynamics 365 FastTrack Implementation Assets (affected versions not specified). Description: The issue concerns the exposure of private personal information to unauthorized actors in Dynamics 365 FastTrack Implementation Assets, allowing attacke...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Improper Verification of Cryptographic Signature in SSHJ (CVE-2020-36843)
Summary: The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous...
CVE-2022-49998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg. Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning an error from rxrpc_get_call_slot(). (2) rxrpc_wait_for_tx_window_intr() will return...
CVE-2022-49959
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation. ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocates array via kmalloc. If for some reason new_vport() fails during ovs_dp_cmd_new(), dp->upcall_portids must be freed. Add missing...
CVE-2022-50231 crypto: arm64/poly1305 - fix a read out-of-bound
In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound. A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Read of size 4 at addr ffff0010e293f010 by task...
CVE-2022-49998
The CVE-2022-49998 entry is supported by multiple connected advisories confirming concrete fixes in the Linux kernel’s rxrpc sendmsg implementation. The issues addressed are three locking bugs in rxrpc_sendmsg: (1) rxrpc_new_client_call() should release the socket lock when returning from rxrpc_g...
CVE-2025-38006
CVE-2025-38006 affects the Linux kernel MCTP path: in net/mctp, mctp_dump_addrinfo may read uninitialized memory from ifaddrmsg when filtering by ifa_index if the struct ifaddrmsg is not provided. This can occur during certain netlink dumps (e.g., from syzkaller/busybox ip addr show). The issue i...
CVE-2025-38006 net: mctp: Don't access ifa_index when missing
In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing. In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible i...
CVE-2025-38006
In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing. In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible i...
Exploit for Prototype Pollution in Salesforce Tough-Cookie
CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...
[SECURITY] Fedora 41 Update: fido-device-onboard-0.5.1-3.fc41
A Rust implementation of the FIDO Device Onboard Specification...
ALSA-2025:9150 Moderate: gvisor-tap-vsock security update
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...
ALSA-2025:9178 Important: kea security update
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...
Allocation of Resources Without Limits or Throttling
Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of restrictions on the depth of GraphQL queries. An attacker can exhaust system...
CVE-2025-4233
CVE-2025-4233 affects Palo Alto Networks Prisma Access Browser. The connected sources describe an insufficient implementation of cache vulnerability that enables bypassing certain data control policies (root cause: inadequate cache handling in the browser). Documents consistently tie the issue to...
Beyond Implementation: Building a Zero Trust Strategy That Works
...
CVE-2025-29756
The CVE-2025-29756 entry describes a vulnerability in SunGrow iSolarCloud’s MQTT service used by the backend for device data transport. The MQTT broker reportedly lacks sufficient topic-subscription restrictions, enabling a user with an iSolarCloud account to subscribe to any topic (notably the a...