1276 matches found

OSV | added 2025/09/17 7:01 p.m. | 1 view

SUSE-SU-2025:03257-1 Security update for raptor

This update for raptor fixes the following issues: - CVE-2024-57823: Fixed integer underflow when normalizing a URI with the turtle parser (bsc#1235673). - CVE-2024-57822: Fixed heap buffer overread when parsing triples with the nquads parser (bsc#1235674)...

CVSS 9.3 | AI score 7.2 | EPSS 0.0004 | Exploits 2 | References 5
SUSE Linux | added 2025/09/17 10:52 a.m. | 4 views

Security update for raptor

This update for raptor fixes the following issues: CVE-2024-57823: Fixed integer underflow when normalizing a URI with the turtle parser (bsc#1235673). CVE-2024-57822: Fixed heap buffer overread when parsing triples with the nquads parser (bsc#1235674). Patch Instructions: To install this SUSE update use...

CVSS 6.9 | AI score 7.3 | EPSS 0.0004 | Exploits 2 | References 8
OSV | added 2025/09/14 6:30 p.m. | 1 view

GHSA-RCV9-QM8P-9P6J Hugging Face Transformers library has Regular Expression Denial of Service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

CVSS 5.3 | AI score 6.9 | EPSS 0.0004 | Exploits 1 | References 6
NVD | added 2025/09/14 5:15 p.m. | 2 views

CVE-2025-6051

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

CVSS 5.3 | EPSS 0.0004 | Exploits 1 | References 2
Cvelist | added 2025/09/14 5:03 p.m. | 6 views

CVE-2025-6051 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

CVSS 5.3 | EPSS 0.0004 | Exploits 1 | References 2
Positive Technologies | added 2025/09/14 12:00 a.m. | 2 views

PT-2025-37422

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.52.4. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the normalize_numbers method of the EnglishNormalizer class. This issue arises from the method's handling of...

CVSS 5.3 | AI score 5.2 | EPSS 0.0004 | Exploits 1 | References 13
Redos | added 2025/09/12 12:00 a.m. | 2 views

ROS-20250912-13

A vulnerability in OpenBao's secret management and encryption system is related to unexpected normalization in the TOTP base library. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data. A vulnerability in the OpenBao secret management and encryptio...

CVSS 9.1 | AI score 7.2 | EPSS 0.00276 | Exploits 0
Veracode | added 2025/08/29 12:22 p.m. | 2 views

Authentication Bypass

github.com/openbao/openbao is vulnerable to Authentication Bypass. The vulnerability is due to using caller-supplied usernames as aliases without normalization when username_as_alias=true in the LDAP auth method, allowing bypass of MFA requirements...

CVSS 6.5 | AI score 6.7 | EPSS 0.0006 | Exploits 0 | References 3 | Affected Software 1
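
The alias-normalization failure this Veracode entry describes, reduced to a toy identity store. This is an added example, not OpenBao's code: the store, its field names and the rule that an unknown alias auto-creates a fresh entity on first login are assumptions chosen to make the MFA bypass visible. `canonical_alias` is one possible canonical form; the safest canonical form is the username the directory itself returns rather than anything derived from caller input.

```python
import unicodedata


def canonical_alias(username: str) -> str:
    """Collapse every spelling of one directory user to a single alias key:
    Unicode NFKC, surrounding whitespace trimmed, case folded. Illustrative;
    prefer the username the directory returns as the canonical form."""
    return unicodedata.normalize("NFKC", username).strip().casefold()


class IdentityStore:
    """Toy identity store (assumption, not OpenBao's code). One entity per alias,
    MFA policy attached per entity. An unknown alias auto-creates a new entity
    on first login, as identity-based secret stores commonly do."""

    def __init__(self, normalize: bool) -> None:
        self.normalize = normalize
        self.aliases: dict[str, int] = {}
        self.mfa_required: set[int] = set()
        self._next_id = 1

    def _key(self, username: str) -> str:
        # Vulnerable mode stores the caller-supplied string verbatim.
        return canonical_alias(username) if self.normalize else username

    def register(self, username: str, require_mfa: bool) -> int:
        entity = self._next_id
        self._next_id += 1
        self.aliases[self._key(username)] = entity
        if require_mfa:
            self.mfa_required.add(entity)
        return entity

    def login(self, username: str, mfa_passed: bool):
        """Return the entity id on success, None when MFA is required but absent."""
        entity = self.aliases.get(self._key(username))
        if entity is None:
            # A never-seen alias becomes a brand-new entity with no MFA policy.
            entity = self.register(username, require_mfa=False)
        if entity in self.mfa_required and not mfa_passed:
            return None
        return entity


def demo() -> dict:
    """Same directory user, different spelling: only the normalizing store
    routes 'Alice ' back to the MFA-protected entity."""
    vulnerable = IdentityStore(normalize=False)
    hardened = IdentityStore(normalize=True)
    alice_v = vulnerable.register("alice", require_mfa=True)
    alice_h = hardened.register("alice", require_mfa=True)
    return {
        "alice_vulnerable": alice_v,
        "alice_hardened": alice_h,
        "bypass_attempt_vulnerable": vulnerable.login("Alice ", mfa_passed=False),
        "bypass_attempt_hardened": hardened.login("Alice ", mfa_passed=False),
        "legit_hardened": hardened.login("alice", mfa_passed=True),
    }
```

In the non-normalizing store the spelling "Alice " lands on a second entity that carries no MFA policy, which is the bypass; in the normalizing store it resolves to the protected entity and fails without MFA.
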
Tenable Nessus | added 2025/08/27 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-34078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC...

CVSS 6.1 | AI score 6.2 | EPSS 0.00311 | Exploits 0 | References 2
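
Why the order of NFKC normalization and sanitization matters, as an added example that is not html-sanitizer's code. `sanitize` is a stand-in that only escapes ASCII metacharacters, and the payload is constructed: fullwidth angle brackets (U+FF1C, U+FF1E) that NFKC folds to plain `<` and `>`. `nfkc_sources_of` goes beyond the single case and enumerates every code point that NFKC folds into an HTML metacharacter, which is the corpus you would fuzz a normalizing sanitizer with.

```python
import html
import sys
import unicodedata

HTML_META = '<>&"\''


def sanitize(text: str) -> str:
    """Stand-in for an HTML sanitizer: escapes the ASCII metacharacters it sees."""
    return html.escape(text, quote=True)


def sanitize_then_normalize(text: str) -> str:
    # Wrong order: NFKC runs on the sanitizer's output and can turn
    # compatibility characters into fresh, unescaped ASCII metacharacters.
    return unicodedata.normalize("NFKC", sanitize(text))


def normalize_then_sanitize(text: str) -> str:
    # Right order: canonicalize first, so the sanitizer sees what the browser will.
    return sanitize(unicodedata.normalize("NFKC", text))


def nfkc_sources_of(targets: str = HTML_META) -> dict[str, list[int]]:
    """Every non-ASCII code point whose NFKC form contains one of `targets`."""
    found: dict[str, list[int]] = {t: [] for t in targets}
    for cp in range(0x80, sys.maxunicode + 1):
        if 0xD800 <= cp <= 0xDFFF:
            continue  # surrogates have no NFKC form
        folded = unicodedata.normalize("NFKC", chr(cp))
        for t in targets:
            if t in folded:
                found[t].append(cp)
    return found


# Constructed payload: fullwidth angle brackets U+FF1C / U+FF1E, which NFKC
# folds to plain '<' and '>'.
PAYLOAD = "\uff1cscript\uff1ealert(1)\uff1c/script\uff1e"
```

With sanitize-then-normalize the payload passes the sanitizer untouched and NFKC then produces a live `<script>` element; with normalize-then-sanitize the brackets exist before escaping and come out as `&lt;` and `&gt;`.
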
Tenable Nessus | added 2025/08/24 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-2561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject...

CVSS 5.4 | AI score 6.4 | EPSS 0.00532 | Exploits 0 | References 2
Tenable Nessus | added 2025/08/20 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-37712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability...

CVSS 8.6 | AI score 7.3 | EPSS 0.00085 | Exploits 0 | References 2
Packet Storm News | added 2025/08/16 12:00 a.m. | 1 view

PP-STAT: an Efficient Privacy-Preserving Statistical Analysis Framework Using Homomorphic Encryption

With the widespread adoption of cloud computing, the need for outsourcing statistical analysis to third-party platforms is growing rapidly. However, handling sensitive data such as medical records and financial information in cloud environments raises serious privacy concerns. In this paper, we...

AI score 6.6 | Exploits 0
Veracode | added 2025/08/12 11:37 a.m. | 1 view

Authentication Bypass

github.com/openbao/openbao is vulnerable to Authentication Bypass. The vulnerability is due to improper normalization in the underlying TOTP library, which allows an attacker to bypass rate limiting by inserting whitespace and reuse existing MFA codes...

CVSS 5.7 | AI score 7 | EPSS 0.00044 | Exploits 0 | References 3 | Affected Software 2
SUSE CVE | added 2025/08/11 11:22 p.m. | 1 view

SUSE CVE-2025-55000

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...

CVSS 6.5 | AI score 7 | EPSS 0.00064 | Exploits 0 | References 4
OSV | added 2025/08/11 1:52 p.m. | 2 views

BIT-LIBPYTHON-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

CVSS 7.5 | AI score 8.8 | EPSS 0.00334 | Exploits 0 | References 7
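
The check-then-normalize gap this entry describes, as an added example that is not CPython's code. `truncating_normpath` is a simulation of the 3.11.0 to 3.11.4 behaviour (drop everything from the first NUL, then normalize) so the effect can be shown on any interpreter; the upload-name validators and the ".txt" allow rule are constructed for the illustration.

```python
import os


class UnsafePathError(ValueError):
    pass


def truncating_normpath(path: str) -> str:
    """Simulation (not CPython code) of the Python 3.11.0-3.11.4 behaviour the
    advisory describes: everything from the first NUL byte is silently dropped."""
    return os.path.normpath(path.split("\0", 1)[0])


def accept_upload_name_vulnerable(user_name: str) -> str:
    """Validates the raw string, then normalizes: with a NUL in between, the
    value that was checked and the value that gets used are different paths."""
    if not user_name.endswith(".txt"):
        raise UnsafePathError("only .txt files are accepted")
    return truncating_normpath(user_name)


def accept_upload_name_hardened(user_name: str) -> str:
    """Refuse NUL before any path function touches the string, then validate the
    normalized value rather than the raw one."""
    if "\0" in user_name:
        raise UnsafePathError("embedded NUL byte in path")
    normalized = os.path.normpath(user_name)
    escapes = normalized == ".." or normalized.startswith(".." + os.sep)
    if os.path.isabs(normalized) or escapes:
        raise UnsafePathError("path escapes the upload directory")
    if not normalized.endswith(".txt"):
        raise UnsafePathError("only .txt files are accepted")
    return normalized


def is_rejected(validator, user_name: str) -> bool:
    """True when the validator refuses the name; used to compare the two policies."""
    try:
        validator(user_name)
    except UnsafePathError:
        return True
    return False
```

The constructed name `"etc/passwd\0.txt"` satisfies the suffix rule on the raw string, and the truncating normpath then yields `etc/passwd`, a file with no `.txt` suffix at all; the hardened validator never reaches normpath with a NUL and checks the suffix on the normalized result.
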
NVD | added 2025/08/09 3:15 a.m. | 3 views

CVE-2025-55000

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...

CVSS 6.5 | EPSS 0.00064 | Exploits 0 | References 3
Snyk | added 2025/08/09 2:41 a.m. | 1 view

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the TOTP secrets engine, which accepts valid codes multiple times rather than strictly-once. An attacker can gain unauthorized access to sensitive information due to improper normalization in the underlying...

CVSS 7.1 | AI score 7 | EPSS 0.00064 | Exploits 0 | References 2
CVE | added 2025/08/09 2:01 a.m. | 16 views

CVE-2025-55000

OpenBao CVE-2025-55000 affects OpenBao 0.1.0 through 2.3.1. Root cause: unexpected normalization in the underlying TOTP library allows the TOTP secrets engine to accept valid codes more than once. Impact statement in sources notes that TOTP code verification is a privileged action and only trusted system...

CVSS 6.5 | AI score 6.7 | EPSS 0.00064 | Exploits 0 | References 3 | Affected Software 1
AlpineLinux | added 2025/08/09 2:01 a.m. | 4 views

CVE-2025-55000

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...

CVSS 6.5 | AI score 6.8 | EPSS 0.00064 | Exploits 0
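
The strictly-once failure described in the Veracode, SUSE CVE, NVD, Snyk, CVE and AlpineLinux entries for CVE-2025-55000 above, as one added example that is neither OpenBao's code nor its TOTP library's. The HOTP/TOTP routines follow RFC 4226 and RFC 6238 and are checked against the RFC test secret; `permissive_normalize` is an assumption standing in for an underlying library that discards whitespace before comparing, and the verifier's two modes show what happens when the replay cache is keyed on the raw submission versus the canonical code.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP for Unix time `now`."""
    return hotp(secret, now // step, digits)


def permissive_normalize(code: str) -> str:
    """Assumption: stand-in for an underlying library that discards whitespace
    before it compares codes, the behaviour the advisories describe."""
    return "".join(code.split())


class TotpVerifier:
    """Strictly-once verifier. In non-strict mode the replay cache is keyed on
    the raw submission while the comparison uses the library's normalized form,
    so two spellings of one code become two cache entries."""

    def __init__(self, secret: bytes, strict: bool, digits: int = 6) -> None:
        self.secret = secret
        self.strict = strict
        self.digits = digits
        self.used: set[tuple[int, str]] = set()

    def verify(self, submitted: str, now: int, step: int = 30) -> bool:
        canonical = permissive_normalize(submitted)
        if self.strict:
            # Canonicalize first and accept exactly `digits` ASCII digits, so every
            # spelling of one code maps to a single replay-cache key.
            if len(canonical) != self.digits or not canonical.isascii() or not canonical.isdigit():
                return False
            key = canonical
        else:
            key = submitted  # vulnerable: cache keyed on whatever the caller sent
        window = now // step
        if (window, key) in self.used:
            return False
        expected = totp(self.secret, now, step, self.digits)
        if not hmac.compare_digest(canonical.encode(), expected.encode()):
            return False
        self.used.add((window, key))
        return True


def demo(now: int = 59) -> dict:
    """Constructed scenario on the RFC 6238 test secret: a valid code, then the
    same code resubmitted with a space inserted in the same time window."""
    secret = b"12345678901234567890"
    code = totp(secret, now)
    spaced = code[:3] + " " + code[3:]
    vulnerable = TotpVerifier(secret, strict=False)
    hardened = TotpVerifier(secret, strict=True)
    return {
        "code": code,
        "vulnerable_first_use": vulnerable.verify(code, now),
        "vulnerable_reuse_with_space": vulnerable.verify(spaced, now),
        "hardened_first_use": hardened.verify(code, now),
        "hardened_reuse_with_space": hardened.verify(spaced, now),
        "hardened_wrong_code": hardened.verify("000000", now),
    }
```

The non-strict verifier accepts the spaced resubmission because "287 082" is not the cached string "287082" yet normalizes to it before the HMAC comparison; the strict verifier canonicalizes before the replay check and refuses it. Any normalization the comparison applies must be applied, identically, to whatever the once-only cache is keyed on.
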
OSV | added 2025/08/08 11:16 a.m. | 2 views

OESA-2025-1981 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

CVSS 7.5 | AI score 6.7 | EPSS 0.00474 | Exploits 3 | References 4