Lucene search

10043 matches found

Positive Technologies
added 2025/11/21 12:0 a.m., 5 views

PT-2025-47812

Name of the Vulnerable Software and Affected Versions: TLS 1.3 (affected versions not specified). Description: A server utilizing TLS 1.3 pre-shared key (PSK) may disregard a client’s request for perfect forward secrecy (PFS). This occurs when a server responds to a ClientHello containing psk_dhe_ke witho...

CVSS 6.3, AI score 6.3, EPSS 0.00199
Exploits: 0, References: 5
CNNVD
added 2025/11/21 12:0 a.m., 1 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL version v5.8.2, which stems from improper validation of TLS 1.3 KeyShareEntry parsed inputs, which...

CVSS 6.3, AI score 6.3, EPSS 0.004
Exploits: 0, References: 4
Positive Technologies
added 2025/11/21 12:0 a.m., 3 views

PT-2025-47820

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: The server previously verified the TLS 1.3 PSK binder using a non-constant time method, which could potentially leak information about the PSK binder. The TLS 1.3 PSK binder is a cryptographic element used to...

CVSS 2.3, AI score 6.2, EPSS 0.0024
Exploits: 0, References: 8
Packet Storm News
added 2025/11/21 12:0 a.m., 6 views

ThreadFuzzer: Fuzzing Framework for Thread Protocol

With the rapid growth of IoT, secure and efficient mesh networking has become essential. Thread has emerged as a key protocol, widely used in smart-home and commercial systems, and serving as a core transport layer in the Matter standard. This paper presents ThreadFuzzer, the first dedicated...

AI score 6.9
Exploits: 0
CNNVD
added 2025/11/21 12:0 a.m., 4 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL versions 5.8.2 and earlier, which stems from improper validation of the TLS 1.3 CertificateVerify...

CVSS 2.7, AI score 6.3, EPSS 0.0015
Exploits: 0, References: 4
CNNVD
added 2025/11/21 12:0 a.m., 3 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL, which stems from the fact that TLS 1.3 pre-shared keys may ignore PFS requests, potentially...

CVSS 7.5, AI score 6.5, EPSS 0.00199
Exploits: 0, References: 3
IBM Security Bulletins
added 2025/11/20 9:23 p.m., 24 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale if the HDFS layer is enabled are now addressed in 5.2.3.4 (CVE-2025-55163, CVE-2021-4264, CVE-2025-53864, CVE-2025-48924, CVE-2024-6484, CVE-2024-13009)

Summary The following vulnerabilities, which may affect IBM Storage Scale when the HDFS layer is enabled and could lead to weaker-than-expected security, have been addressed in Storage Scale version 5.2.3.4 or later: CVE-2025-55163, CVE-2021-4264, CVE-2025-53864, CVE-2025-48924, CVE-2024-6484, an...

CVSS 8.8, AI score 6.1, EPSS 0.02164
Exploits: 2, Affected Software: 1
FreeBSD
added 2025/11/20 12:0 a.m., 10 views

wolfssl -- multiple issues

wolfSSL blog reports: This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. Highlights include: A timing-side-channel issue in X25519 specifically affecting Xtensa-based ESP32 devices. Low-memory X25519 implementations are now the default fo...

CVSS 8.2, AI score 7.1, EPSS 0.004
Exploits: 0, References: 1
Packet Storm News
added 2025/11/20 12:0 a.m., 3 views

Multi-Domain Security for 6G ISAC: Challenges and Opportunities in Transportation

Integrated sensing and communication (ISAC) will be central to 6G-enabled transportation, providing both seamless connectivity and high-precision sensing. However, this tight integration exposes attack points not encountered in pure sensing and communication systems. In this article, we identify...

AI score 6.8
Exploits: 0
Packet Storm News
added 2025/11/20 12:0 a.m., 2 views

GNU Transport Layer Security Library 3.8.11

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS 12, OpenPGP, and other...

AI score 6.9, EPSS 0.00203
Exploits: 0
Tenable Nessus
added 2025/11/20 12:0 a.m., 7 views

TencentOS Server 4: openssl (TSSA-2024:0289)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0289 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 9.1, AI score 7.6, EPSS 0.05582
Exploits: 1, References: 2
Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 3: go-toolset (TSSA-2023:0116)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0116 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5, AI score 7, EPSS 0.01231
Exploits: 0, References: 3
Tenable Nessus
added 2025/11/20 12:0 a.m., 8 views

TencentOS Server 3: container-tools (TSSA-2023:0111)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5, AI score 7.5, EPSS 0.05623
Exploits: 5, References: 15
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: tomcat (TSSA-2024:0569)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0569 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 8.6, AI score 7.8, EPSS 0.01702
Exploits: 0, References: 2
Ubuntu
added 2025/11/19 9:1 p.m., 5 views

USN-7875-1: Linux kernel (Oracle) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVSS 9.1, AI score 7.5, EPSS 0.01367
Exploits: 8
ATTACKERKB
added 2025/11/19 1:28 p.m., 4 views

CVE-2025-0421

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

CVSS 4.7, AI score 5.4, EPSS 0.00184
Exploits: 0, References: 3
CNNVD
added 2025/11/19 12:0 a.m., 5 views

Shopside App security vulnerability

Shopside App is a shopping application by Shopside Turkey. A security vulnerability exists in Shopside App 05022025 and earlier versions, which stems from improper restriction of the rendering UI layer or frame, which may result in an iFrame override...

CVSS 4.7, AI score 6.7, EPSS 0.00184
Exploits: 0, References: 1
OSV
added 2025/11/18 5:16 p.m., 3 views

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

CVSS 7.8, AI score 6.3, EPSS 0.00091
Exploits: 1, References: 4
Cvelist
added 2025/11/18 4:33 p.m., 6 views

CVE-2025-34324 GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

CVSS 7, EPSS 0.00091
Exploits: 1, References: 4
CVE
added 2025/11/18 3:14 p.m., 475 views

CVE-2025-12383

CVE-2025-12383 is a race-condition vulnerability in Eclipse Jersey that can cause ignoring of critical SSL configurations (e.g., mutual authentication, custom key/trust stores), potentially enabling unauthorized trust in insecure servers. Affected assets in the provided IBM context include IBM St...

CVSS 9.4, AI score 6.3, EPSS 0.00271
Exploits: 0, References: 1, Affected Software: 1