32 matches found
GHSA-98QH-XJC8-98PQ vulnerabilities
Vulnerabilities for packages: apache-hop-fips, flyway-fips, apicurio-registry, seata, thingsboard, sonarqube, nuxeo, keycloak, ghidra, hono, flyway, debezium, nacos, dependency-track-apiserver, dependency-track, geoserver, kayenta-fips, kayenta, camunda-zeebe, camunda, druid, apache-hop,...
GHSA-46WH-PXPV-Q5GQ vulnerabilities
Vulnerabilities for packages: langfuse-fips, kibana, langfuse, opensearch-dashboards, opensearch-dashboards-fips...
USN-8059-7: Linux kernel (AWS FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...
PT-2026-7849
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Smart Panel: before 20251215...
CVE-2025-3950 vulnerabilities
Vulnerabilities for packages: gitlab-workhorse-ce-fips, gitlab-rails-ce, gitlab-workhorse-ce, gitlab-rails-ce-fips...
GHSA-3P78-2X5R-GJPP vulnerabilities
Vulnerabilities for packages: gitlab-operator-fips...
PT-2025-43686
Name of the Vulnerable Software and Affected Versions Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.1 Bouncy Castle for Java LTS versions 2.73.0 through 2.73.7 Description An uncontrolled resource consumption issue exists in Bouncy Castle for Java FIPS and Bouncy Castle for Java LTS. The...
CVE-2025-10610
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...
CVE-2025-10610
CVE-2025-10610 corresponds to an SQL injection vulnerability in Winsure (SFS Winsure) caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected: Winsure versions up to 21.08.2025. Public documentation consistently describes the flaw and its impa...
CLSA-2025-1759223618 Update of kernel
Rebased FIPS patches to 5.14.0-570.46.1...
CLSA-2025-1758295568 Update of kernel
Rebased FIPS patches to 5.14.0-570.44.1...
GHSA-QJH3-4J3H-VMWP vulnerabilities
Vulnerabilities for packages: flux-fips, kyverno, kyverno-fips, flux...
PT-2025-2702 · Qualcomm · Snapdragon +9
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption during the processing of FIPS encryption or decryption IOCTL calls invoked from user-space. This can lead to...
CVE-2024-51522
CVE-2024-51522 affects Huawei HarmonyOS in the Device Management Module, caused by improper processing of device information. The vulnerability potentially impacts availability (per NVD and Red Hat records); CVSS details indicate LOCAL attack with low complexity and no user interaction, but the e...
PT-2024-34686 · Unknown · Device Management Module
Name of the Vulnerable Software and Affected Versions: Device Management Module affected versions not specified Description: The issue is related to improper device information processing in the device management module. Successful exploitation of this issue may affect system availability...
Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
Haproxy resource management error vulnerability
Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company Haproxy. The server provides 4-layer and 7-layer proxies and can support tens of thousands of connection levels, with high efficiency and stability. HAProxy has a security vulnerability that stems from...
PT-2022-4100 · Netapp · Storagegrid
Name of the Vulnerable Software and Affected Versions: StorageGRID versions 11.6.0 through 11.6.0.2 Description: The issue is related to errors in information processing, which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and...
PT-2022-2671 · Microsoft · Windows Iscsi Target Service +1
Name of the Vulnerable Software and Affected Versions: Windows iSCSI Target Service affected versions not specified Description: The issue is related to errors in information processing within the Windows iSCSI Target Service, which can be exploited by a remote attacker to gain unauthorized acces...