Lucene search

10045 matches found

F5 Networks
added 2025/10/15 11:16 a.m., 16 views

K000139514: BIG-IP SSL/TLS vulnerability CVE-2025-60016

Security Advisory Description: When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...

CVSS 8.7 | AI score 7 | EPSS 0.00405
Exploits 0 | Affected Software 14
Vulnrichment
added 2025/10/15 10:46 a.m., 3 views

CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()

In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message fields: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

CVSS 6.9 | AI score 6.5 | EPSS 0.00337
Exploits 0 | References 1
Cvelist
added 2025/10/15 10:46 a.m., 8 views

CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()

In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message fields: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

CVSS 6.9 | EPSS 0.00337
Exploits 0 | References 1
NVD
added 2025/10/15 8:15 a.m., 13 views

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | EPSS 0.00225
Exploits 0 | References 2
PyPA
added 2025/10/15 8:15 a.m., 9 views

PYSEC-2025-184

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | AI score 7.2 | EPSS 0.00225
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2025/10/15 12:0 a.m., 3 views

F5 BIG-IP security vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A data tampering vulnerability exists in the TMM module of BIG-IP, which arises because undisclosed traffic can lead to data...

CVSS 6.3 | AI score 6.9 | EPSS 0.00226
Exploits 0 | References 2
CNNVD
added 2025/10/15 12:0 a.m., 3 views

F5 BIG-IP security vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...

CVSS 8.7 | AI score 6.6 | EPSS 0.0042
Exploits 0 | References 1
Positive Technologies
added 2025/10/15 12:0 a.m., 5 views

PT-2025-42388

Name of the Vulnerable Software and Affected Versions: OpenSearch Data Prepper versions prior to 2.12.2. Description: OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...

CVSS 7.4 | AI score 6.4 | EPSS 0.00178
Exploits 0 | References 14
Tenable Nessus
added 2025/10/15 12:0 a.m., 3 views

F5 Networks BIG-IP : BIG-IP DTLS 1.2 vulnerability (K000151309)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151309 advisory. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur wh...

CVSS 8.7 | AI score 5.6 | EPSS 0.00227
Exploits 0 | References 2
RedhatCVE
added 2025/10/14 6:37 p.m., 6 views

CVE-2025-11695

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Securi...

CVSS 8 | AI score 6.3 | EPSS 0.00161
Exploits 0 | References 5
OSV
added 2025/10/14 4:0 p.m., 7 views

USN-7808-2 linux-azure-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ext4 file system; - SMB network file system; - Packet sockets; - Network traffic control; - TLS...

CVSS 7.8 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 9
Ubuntu
added 2025/10/14 4:0 p.m., 11 views

USN-7808-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ext4 file system; - SMB network file system; - Packet sockets; - Network traffic control; - TLS...

CVSS 7.8 | AI score 7.1 | EPSS 0.00288
Exploits 0
RedHat Linux
added 2025/10/14 8:39 a.m., 3 views

kernel: sunrpc: fix handling of server side tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts. Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv due to its assumption it can read data from the msg iterator's kvec. kTLS implementation splits TLS non-da...

CVSS 7.5 | AI score 7 | EPSS 0.00528
Exploits 0 | References 5
Tenable Nessus
added 2025/10/14 12:0 a.m., 4 views

AlmaLinux 8 : kernel-rt (ALSA-2025:17812)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:17812 advisory. - kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228) - kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305) Tenab...

CVSS 7.8 | AI score 7.4 | EPSS 0.00219
Exploits 0 | References 4
OSV
added 2025/10/13 4:24 p.m., 8 views

USN-7796-4 linux-azure-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Framebuffer layer; - BTRFS file system; - Ext4 file system; - Network file system (NFS) server daemon; - Packet...

CVSS 7.8 | AI score 6.7 | EPSS 0.00288
Exploits 0 | References 8
Snyk
added 2025/10/13 9:41 a.m., 3 views

Cross-site Scripting (XSS)

Overview: qwc2-lts is a QGIS Web Client. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser ...

CVSS 6.9 | AI score 5.3 | EPSS 0.00401
Exploits 0 | References 3
Packet Storm News
added 2025/10/13 12:0 a.m., 3 views

Navigating the Dual-Use Nature and Security Implications of Reconfigurable Intelligent Surfaces in Next-Generation Wireless Systems

Reconfigurable intelligent surface (RIS) technology offers significant promise in enhancing wireless communication systems, but its dual-use potential also introduces substantial security risks. This survey explores the security implications of RIS in next-generation wireless networks. We first...

AI score 7
Exploits 0
CNNVD
added 2025/10/13 12:0 a.m., 2 views

Kiloview N30 security vulnerability

Kiloview N30 is an NDI encoder from Kiloview UK. A security vulnerability exists in the Kiloview N30 version 2.02.246, which stems from the inclusion of hard-coded TLS private keys and certificates in the firmware, which could lead to a man-in-the-middle attack...

CVSS 8.7 | AI score 6.6 | EPSS 0.00186
Exploits 0 | References 1
OSV
added 2025/10/12 4:33 a.m., 0 views

SUSE-SU-2025:03563-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out (bsc#1240744). - CVE-2025-38089: sunrpc: hand...

CVSS 7.8 | AI score 6.6 | EPSS 0.00271
Exploits 2 | References 7
OSV
added 2025/10/11 1:20 p.m., 6 views

OESA-2025-2396 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms. It is described as part of RFC 5802 and RFC 7677. This package is a Java implementation. Security Fixes: SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple...

CVSS 8.7 | AI score 7 | EPSS 0.00835
Exploits 0 | References 2