pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

CVE-2025-12765

Summary of the CVE: CVE-2025-12765 affects pgAdmin4 (noted in multiple advisories) with a flaw in the LDAP authentication flow that allows bypassing TLS certificate validation. The SUSE/OpenSUSE entries and related Nessus plugins cite this CVE alongside CVE-2025-12764 and others, indicating impac...

CVE-2025-12765 pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

tls: wait for pending async decryptions if tls_strp_msg_hold fails

...

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

...

PT-2025-46924

Name of the Vulnerable Software and Affected Versions IBM AIX versions 7.2 and 7.3 IBM VIOS versions 3.1 and 4.1 Description The nimsh service’s SSL/TLS implementations in IBM AIX and VIOS are susceptible to improper process controls, potentially enabling a remote attacker to execute arbitrary...

pgAdmin 安全漏洞

pgAdmin is pgAdmin open source an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.9 and earlier versions, which stems from a TLS certificate validation in the LDAP authentication mechanism that can be bypassed...

Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Improper Certificate Validation (CVE-2022-27782)

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...

AZL-70001 CVE-2025-40149 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

UBUNTU-CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-40176

The CVE-2025-40176 issue affects the Linux kernel TLS path used for async decryption. If tls_strp_msg_hold fails to allocate a clone of the input skb, proceeding with async decryption can cause use-after-free on the skb or writes to userspace memory after recv(). The documented fix is to wait for...

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40125 blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx

In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject stateinsysfs before deleting in blkmqunregisterhctx In blkmqupdatenrhwqueues the return value of blkmqsysfsregisterhctxs is not checked. If sysfs creation for hctx fails, later changing the number of hwqueue...

CVE-2025-42897

Due to information disclosure vulnerability in anonymous API provided by SAP Business One SLD, an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and...

kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit 8f4f68e788c3 "crypto: pcrypt - Fix hungtask for PADATARESET", the pcrypt encryption and decryption operations return -EAGAIN when the CP...

kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit 8f4f68e788c3 "crypto: pcrypt - Fix hungtask for PADATARESET", the pcrypt encryption and decryption operations return -EAGAIN when the CP...

CVE-2025-42897

CVE-2025-42897 describes an information disclosure vulnerability in the anonymous API of SAP Business One Service Layer Directory (SLD). An attacker with normal user access could obtain unauthorized information, resulting in low confidentiality impact and no impact on integrity or availability. A...