
9137 matches found

CVE
added 2025/03/14 5:26 p.m. · 63 views

CVE-2025-29780

CVE-2025-29780 affects the Python implementation of Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in the feldman_vss library, version 0.8.0b2 and earlier. Connected sources describe timing side-channel vulnerabilities in matrix operations, specifically in _find_secure_pivot and po...

5.8 CVSS · 6.3 AI score · 0.00218 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/03/14 5:26 p.m. · 19 views

CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldman_vss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

5.8 CVSS · 0.00218 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/03/14 5:24 p.m. · 9 views

CVE-2025-29779 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the secure_redundant_execution function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function...

5.4 CVSS · 6.2 AI score · 0.00178 EPSS
Exploits: 0 · References: 3

CVE
added 2025/03/14 5:24 p.m. · 61 views

CVE-2025-29779

The CVE describes a fault-injection countermeasure weakness in the Python implementation of Post-Quantum Secure Feldman’s Verifiable Secret Sharing (VSS) in PostQuantum-Feldman-VSS, specifically the secure_redundant_execution function. Affected versions up to 0.8.0b2 are vulnerable because Python...

5.4 CVSS · 6.2 AI score · 0.00178 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/03/14 5:24 p.m. · 17 views

CVE-2025-29779 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the secure_redundant_execution function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function...

5.4 CVSS · 0.00178 EPSS
Exploits: 0 · References: 3

OSV
added 2025/03/13 6:15 a.m. · 12 views

CVE-2020-36843

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signature...

4.3 CVSS · 4.5 AI score · 0.00133 EPSS
Exploits: 0 · References: 2

CNVD
added 2025/03/13 12:0 a.m. · 4 views

Open5GS Denial of Service Vulnerability (CNVD-2025-08796)

Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. Open5GS suffers from a denial of service vulnerability that can be exploited by attackers to cause network outages...

7.5 CVSS · 6.7 AI score · 0.00744 EPSS
Exploits: 1 · References: 1

Tenable Nessus
added 2025/03/13 12:0 a.m. · 8 views

Siemens SCALANCE X-200RNA Switch Devices Incorrect Calculation (CVE-2016-2181)

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to reclayerd1...

7.5 CVSS · 7.8 AI score · 0.22634 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2025/03/13 12:0 a.m. · 15 views

CVE-2020-36843

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signature...

4.3 CVSS · 6.7 AI score · 0.00133 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/03/12 9:42 a.m. · 18 views

CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work. When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causing a deadlock. Fix it by using queue_work to schedule the inner...

0.00158 EPSS
Exploits: 0 · References: 8

CNVD
added 2025/03/12 12:0 a.m. · 8 views

Google Chromium Misimplementation Vulnerability

Microsoft Edge (Chromium-based) is a web browser developed by Microsoft based on the Chromium open source project and other open source software. An incorrect implementation vulnerability exists in the Permission Prompts component of Microsoft Edge (Chromium-based); no details of the vulnerability are...

4.3 CVSS · 6.9 AI score · 0.00206 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/03/12 12:0 a.m. · 5 views

PT-2025-11060 · Google · Android

Name of the Vulnerable Software and Affected Versions: StatusHint (affected versions not specified), TelecomServiceImpl (affected versions not specified). Description: Multiple functions within StatusHint.java and TelecomServiceImpl.java may reveal images across users due to a confused deputy condition...

5.5 CVSS · 6.6 AI score · 0.00085 EPSS
Exploits: 0 · References: 6

ICS
added 2025/03/11 6:0 a.m. · 26 views

Optigo Networks Visual BACnet Capture Tool / Optigo Visual Networks Capture Tool

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.7 CVSS · 7.4 AI score · 0.00362 EPSS
Exploits: 0 · References: 10

CNVD
added 2025/03/10 12:0 a.m. · 9 views

Google Chrome Browser UI Incorrectly Implemented Vulnerability

Google Chrome is a web browser developed by Google Inc. An incorrect implementation vulnerability exists in the Google Chrome Browser UI. An attacker can exploit this vulnerability to submit a special web request to perform UI spoofing...

4.3 CVSS · 6.7 AI score · 0.0033 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/10 12:0 a.m. · 6 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-43098)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43098 advisory. - In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of...

5.5 CVSS · 6 AI score · 0.00169 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/10 12:0 a.m. · 10 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-57900)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57900 advisory. - In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nfregisternethoo...

7.8 CVSS · 6 AI score · 0.00254 EPSS
Exploits: 0 · References: 2

OSV
added 2025/03/08 3:29 a.m. · 16 views

MGASA-2025-0091 Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...

8.8 CVSS · 7.3 AI score · 0.00648 EPSS
Exploits: 0 · References: 7

RedhatCVE
added 2025/03/07 1:56 a.m. · 10 views

CVE-2025-27675

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004...

9.8 CVSS · 7.1 AI score · 0.00706 EPSS
Exploits: 1 · References: 1

NVD
added 2025/03/06 4:15 p.m. · 11 views

CVE-2024-58060

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing. There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module...

7.8 CVSS · 0.00188 EPSS
Exploits: 0 · References: 3

Debian CVE
added 2025/03/06 4:13 p.m. · 11 views

CVE-2024-58083

In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu(). Explicitly verify the target vCPU is fully online prior to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...

7.8 CVSS · 5.5 AI score · 0.00195 EPSS
Exploits: 0