Lucene search
2926 matches found

OSV
added 2025/05/06 3:15 a.m. | 1 view

USN-7483-1 openjdk-21 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 21 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0 | References: 4
OSV
added 2025/05/06 3:14 a.m. | 3 views

USN-7482-1 openjdk-17 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0 | References: 4
Ubuntu
added 2025/05/06 3:12 a.m. | 59 views

USN-7481-1: OpenJDK 11 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 11 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0
OSV
added 2025/05/06 3:12 a.m. | 1 view

USN-7481-1 openjdk-lts vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 11 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0 | References: 4
Ubuntu
added 2025/05/06 3:10 a.m. | 52 views

USN-7480-1: OpenJDK 8 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0
OSV
added 2025/05/06 3:10 a.m. | 1 view

USN-7480-1 openjdk-8 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0 | References: 4
SUSE CVE
added 2025/05/06 3:07 a.m. | 2 views

SUSE CVE-2022-49788

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() struct vmci_event_qp allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVSS 3.3 | AI score 6.4 | EPSS 0.0018
Exploits: 0 | References: 15
Tenable Nessus
added 2025/05/06 12:00 a.m. | 11 views

Ubuntu 24.10 / 25.04 : OpenJDK 24 vulnerabilities (USN-7484-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7484-1 advisory. Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain...

CVSS 7.4 | AI score 6.9 | EPSS 0.00749
Exploits: 0 | References: 4
OSV
added 2025/05/01 3:16 p.m. | 4 views

UBUNTU-CVE-2022-49788

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() struct vmci_event_qp allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVSS 5.5 | AI score 6.1 | EPSS 0.0018
Exploits: 0 | References: 11
IBM Security Bulletins
added 2025/04/29 1:54 a.m. | 70 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary: IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

CVSS 9.3 | AI score 10 | EPSS 0.87806
Exploits: 2 | Affected Software: 1
Tenable Nessus
added 2025/04/11 12:00 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-3296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style...

CVSS 5.9 | AI score 6.2 | EPSS 0.00415
Exploits: 0 | References: 2
OSV
added 2025/04/09 11:41 p.m. | 8 views

USN-7346-3 opensc vulnerabilities

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC did not correctly handle certain memory operations...

CVSS 7.1 | AI score 7.4 | EPSS 0.02598
Exploits: 0 | References: 13
SUSE CVE
added 2025/03/21 2:50 a.m. | 1 view

SUSE CVE-2025-0317

A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack...

CVSS 7.5 | AI score 7 | EPSS 0.1108
Exploits: 1 | References: 4
Snyk
added 2025/03/20 12:32 p.m. | 2 views

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero via the ggufPadding function. An attacker can cause the server to crash by uploading and creating a customized GGUF model file on the server. PoC python import os import json import requests import hashlib if you use th...

CVSS 8.7 | AI score 6.9 | EPSS 0.1108
Exploits: 1 | References: 2
RedhatCVE
added 2025/03/15 5:05 p.m. | 9 views

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

CVSS 7.8 | AI score 7 | EPSS 0.0014
Exploits: 0 | References: 1
CVE
added 2025/03/13 4:33 p.m. | 46 views

CVE-2025-2265

The CVE-2025-2265 entry concerns Santesoft Sante PACS Server (Sante PACS Server.exe) where a web user’s password is processed as a 0x2000-byte zero-padded value that is SHA-1 hashed, base64-encoded, and stored in the HTTP.db’s USER table. The reported issue is that the number of hash bytes encode...

CVSS 7.8 | AI score 6.8 | EPSS 0.0014
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/13 12:00 a.m. | 6 views

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-2107)

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

CVSS 5.9 | AI score 7.4 | EPSS 0.89058
Exploits: 6 | References: 4
SUSE Linux
added 2025/03/12 3:12 p.m. | 1 view

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 128.8 MFSA 2025-18 bsc1237683: CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931:...

CVSS 8.8 | AI score 7.8 | EPSS 0.00519
Exploits: 1 | References: 26
OSV
added 2025/03/12 5:37 a.m. | 8 views

USN-7346-1 opensc vulnerabilities

It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...

CVSS 7.1 | AI score 7.3 | EPSS 0.02598
Exploits: 1 | References: 14
SUSE CVE
added 2025/03/12 5:05 a.m. | 1 view

SUSE CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

CVSS 3.7 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 4