CVE-2025-34196

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

ALPINE-CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

OpenSSL Toolkit 3.3.5

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.3 release...

OpenSSL Toolkit 3.2.6

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.2 release...

OpenSSL Toolkit 3.0.18

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.0 LTS release...

OpenSSL Toolkit 3.5.4

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 LTS release...

OpenSSL Toolkit 3.4.3

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.4 release...

CVE-2025-34235

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 Windows client deployments contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can...

CVE-2025-34211

Vasion Print Virtual Appliance Host (pre-22.0.1049) and Application (pre-20.0.2786) store a private SSL key and its public certificate in cleartext, using the same pl-local.com key across all deployments. With container access, an attacker can read the key to decrypt TLS traffic, perform MITM, or...

CVE-2025-34196

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

kernel: tls: fix handling of zero-length records on the rx_list

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rxlist Each recvmsg call must process either - only contiguous DATA records any number of them - one non-DATA record If the next record has different type than what has already been...

PT-2025-39880

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1049 Vasion Print formerly PrinterLogic Application versions prior to 20.0.2786 Description The Vasion Print Virtual Appliance Host and Application store a privat...

Unspecified Vulnerability in PyTorch (CNVD-2025-23284)

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that stems from an assertion error in nn.Fold when using inductor, no details of the vulnerability are provided at this time...

CVE-2025-56463

Mercusys MW305R 3.30 and below is has a Transport Layer Security TLS certificate private key disclosure...

CLSA-2025-1758914381 httpd: Fix of 4 CVEs

CVE-2025-49630: fix denial of service attack triggered by untrusted clients causing an assertion in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients in modssl configurations - CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from...

CVE-2025-56463

Mercusys MW305R 3.30 and below is has a Transport Layer Security TLS certificate private key disclosure...

USN-7769-3 linux-aws-6.14, linux-hwe-6.14 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACP...

USN-7769-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACP...

PT-2025-39650

Name of the Vulnerable Software and Affected Versions Mercusys MW305R versions 3.30 and below Description The Mercusys MW305R router firmware contains a flaw that leads to a Transport Layer Security TLS certificate private key disclosure. This allows potential attackers to obtain the private key...

CVE-2025-56463

Mercusys MW305R routers with firmware version 3.30 and earlier are affected by a flaw that leads to TLS certificate private key disclosure. Root cause: an issue in the device firmware that allows private key exposure. Impact areas documented include confidentiality, integrity, and availability as...