CVE-2022-29930

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1...

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

CVE-2022-31604

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of...

CVE-2024-47078

Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone i.e., via bluetooth. Prior to...

CVE-2024-8361

In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service DoS. If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not...

CVE-2024-53857

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

CVE-2025-22475

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering...

CVE-2025-22475

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering...

Moderate: galera and mariadb security update

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...

CVE-2025-21670

In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed...

CVE-2025-24802

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floornumroutedwires / 3 always include the 0 - 0 input-output pair. Thus a malicious prover can always prove that f0 = 0 for any lookup table f unless its length happens ...

GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches

Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...

Security Bulletin: Vulnerability in Psf Requests affects watsonx.data

Summary Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c

...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin:Psf Requests Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-35195)

Summary A vulnerability in Psf Requests was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementati...

Key Performance Indicators for Effective DSPM Implementation

What are the most important KPI’s for a successful DSPM implementation? Let's explore what KPI’s to monitor, why they matter, and how you can take advantage of them for improved security at your org...

eu.interedition:collatex-cocoon (>=1.3 <=1.5.1), org.apache.cocoon:cocoon-acegisecurity-sample (=2.3.0) +129 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-sitemap-impl (>=1.0.0-RC1 <=2.3.0)

org.apache.cocoon:cocoon-sitemap-impl MAVEN version =1.0.0-RC1, =1.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.3.0 - org.apache.cocoon:cocoon-auth-sample =2.3.0 - org.apache.cocoon:cocoon-authentication-fw-impl =2.3.0 - org.apache.cocoon:cocoon-authentication-fw-sample =2.3.0 -...