
9137 matches found

Vulnrichment
added 2025/01/08 2:20 a.m. | 6 views

CVE-2024-56442

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

CVSS 5.5 | AI score 6.8 | EPSS 0.00191
Exploits: 0 | References: 1

Veracode
added 2025/01/07 2:53 a.m. | 9 views

Incorrect Implementation Of The Authentication Algorithm

org.apache.kafka, kafka-clients is vulnerable to an incorrect implementation of the authentication algorithm. The vulnerability is due to the lack of nonce verification in Apache Kafka's SCRAM implementation, where the server does not verify that the nonce sent by the client in the second message...

CVSS 5.3 | AI score 6.8 | EPSS 0.0078
Exploits: 0 | References: 8 | Affected Software: 2

Vulnrichment
added 2025/01/06 4:13 p.m. | 9 views

CVE-2025-21613 go-git has an Argument Injection via the URL field

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

CVSS 9.2 | AI score 7 | EPSS 0.0124
Exploits: 0 | References: 1

Tenable Nessus
added 2025/01/06 12:0 a.m. | 20 views

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-7183-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7183-1 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate...

CVSS 8.8 | AI score 8.3 | EPSS 0.07693
Exploits: 8 | References: 33

OSV
added 2025/01/02 8:1 a.m. | 6 views

SUSE-SU-2025:0005-1 Security update for liboqs, oqs-provider

This update for liboqs, oqs-provider fixes the following issues: This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms. This update liboqs to 0.12.0: - This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST...

CVSS 8.2 | AI score 7.4 | EPSS 0.00515
Exploits: 0 | References: 7

Fedora
added 2025/01/01 4:39 a.m. | 8 views

[SECURITY] Fedora 40 Update: libxml2-2.12.9-1.fc40

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 9.1 | AI score 7.1 | EPSS 0.01192
Exploits: 0

Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2025-40439

Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An inappropriate implementation in the Omnibox allows attackers to affect the system. Microsoft Edge Chromium-based is also impacted as it ingests Chromium. Recommendations At the moment,...

CVSS 8.8 | AI score 6 | EPSS 0.00329
Exploits: 0 | References: 42

Positive Technologies
added 2025/01/01 12:0 a.m. | 4 views

PT-2025-40438

Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An inappropriate implementation in Media allows attackers to affect the system. Microsoft Edge Chromium-based is also impacted as it ingests Chromium. Recommendations At the moment, there is...

CVSS 8.8 | AI score 6 | EPSS 0.00329
Exploits: 0 | References: 42

NVD
added 2024/12/29 12:15 p.m. | 6 views

CVE-2024-56724

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has inherited flaws. This was unveiled when...

CVSS 5.5 | EPSS 0.00213
Exploits: 0 | References: 10

OSV
added 2024/12/29 11:30 a.m. | 7 views

CVE-2024-56723 mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices

In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has inherited flaws. This was unveiled when...

CVSS 5.5 | AI score 6 | EPSS 0.00228
Exploits: 0 | References: 13

OSV
added 2024/12/27 6:12 p.m. | 6 views

GHSA-HQMP-G7PH-X543 TunnelVision - decloaking VPNs using DHCP

A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the...

CVSS 5.3 | AI score 6.8 | EPSS 0.04063
Exploits: 1 | References: 4

Debian CVE
added 2024/12/27 2:50 p.m. | 9 views

CVE-2024-56589

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: 214.409199...

CVSS 5.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0

Debian CVE
added 2024/12/27 2:50 p.m. | 15 views

CVE-2024-56587

In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of...

CVSS 5.5 | AI score 5.7 | EPSS 0.00249
Exploits: 0

Cvelist
added 2024/12/27 2:11 p.m. | 17 views

CVE-2024-56544 udmabuf: change folios array from kmalloc to kvmalloc

In the Linux kernel, the following vulnerability has been resolved: udmabuf: change folios array from kmalloc to kvmalloc When PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine, page_alloc only support 4MB. If above this, trigger this warn and return NULL. udmabuf can change size limit, if change it t...

EPSS 0.0021
Exploits: 0 | References: 3

Fedora
added 2024/12/27 1:24 a.m. | 21 views

[SECURITY] Fedora 41 Update: libxml2-2.12.9-1.fc41

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 9.1 | AI score 6.7 | EPSS 0.01192
Exploits: 0

BDU FSTEC
added 2024/12/25 12:0 a.m. | 5 views

The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool allows a malicious individual to gain unauthorized access to the application and execute arbitrary SQL code.

The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool exists due to incorrect implementation of multi-factor authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the application and execute arbitrary SQ...

CVSS 7.4 | AI score 7.6 | EPSS 0.00629
Exploits: 0 | References: 7 | Affected Software: 4

Vulnrichment
added 2024/12/22 12:0 a.m. | 10 views

CVE-2024-56378

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc...

AI score 4.6 | EPSS 0.0062
Exploits: 1 | References: 3

OSV
added 2024/12/21 7:8 p.m. | 11 views

CGA-G7Q3-CXP6-3C25

Bulletin has no description...

CVSS 5.3 | AI score 6.2 | EPSS 0.00856
Exploits: 0

GithubExploit
added 2024/12/20 5:28 p.m. | 957 views

Exploit for Improper Authentication in Google Android

⚠️ Disclaimer: For Research and Educational Purposes Only...

CVSS 6.3 | AI score 7.4 | EPSS 0.07879
Exploits: 9

RedhatCVE
added 2024/12/19 1:54 a.m. | 12 views

CVE-2024-56128

A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM, which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the...

CVSS 7.4 | AI score 7 | EPSS 0.0078
Exploits: 0 | References: 7