EUVD-2025-34676
GeoIP processor disables SSL certificate validation when downloading databases...
GHSA-3XGR-H5HQ-7299 GeoIP processor disables SSL certificate validation when downloading databases
Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...
GeoIP processor disables SSL certificate validation when downloading databases
Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...
OpenSearch Data Prepper uses deprecated SSL protocol identifier
Impact The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used SSLContext.getInstance("SSL") which could...
GHSA-28GG-8QQJ-FHH5 OpenSearch Data Prepper uses deprecated SSL protocol identifier
Impact The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used SSLContext.getInstance("SSL") which could...
org.opensearch.dataprepper.plugins:otel-trace-group-processor (>=2.12.0 <=2.12.1) potentially affected by CVE-2025-62371 via org.opensearch.dataprepper.plugins:opensearch (>=2.12.0 <=2.12.1)
org.opensearch.dataprepper.plugins:opensearch MAVEN version =2.12.0, =2.12.0, =2.12.1 Source cves: CVE-2025-62371 Source advisory: SNYK:JAVA-ORGOPENSEARCHDATAPREPPERPLUGINS-13561982...
Improper Certificate Validation
Overview org.opensearch.dataprepper.plugins:geoip-processor is a Data Prepper project: geoip-processor Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can...
Tenda W12 Null Pointer Dereference Vulnerability
Tenda W12 is a dual-band Gigabit wireless panelized access point (AP) from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. A null pointer dereference vulnerability...
2025-10 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5066836)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
AMD Secure Processor Security Update
AMD has informed HP of a potential security vulnerability in some AMD Secure Processors, which might allow loss of integrity or confidentiality. AMD has released firmware updates to mitigate this vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has identified...
ROS-20251014-06
A vulnerability in the jq JSON processor is related to manipulation of the run_jq_tests function of the jq_test.c file in the JSON Parser component. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-47354
Memory corruption while allocating buffers in DSP service...
Mageia: Security Advisory (MGASA-2025-0236)
The remote host is missing an update for the...
CLSA-2025-1760026053 libmicrohttpd: Fix of CVE-2023-27371
CVE-2023-27371: Fix improper parsing of multipart/form-data boundary in MHD_create_post_processor() to prevent remote DoS vulnerability...
CVE-2025-39959
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix incorrect retrieval of acp_chip_info Use dev_get_drvdata(dev->parent) instead of dev_get_platdata(dev) to correctly obtain acp_chip_info members in the acp I2S driver. Previously, some members were not updated properly due ...
EUVD-2025-33235
Memory corruption while allocating buffers in DSP service...
CVE-2025-47354 Use After Free in DSP Service
Memory corruption while allocating buffers in DSP service...
CVE-2025-47354
CVE-2025-47354 is described across multiple sources as a memory corruption issue in the DSP service related to buffer allocation on Qualcomm chipsets (Qualcomm kernel component). Several enrichment entries label the flaw as a Use After Free in the DSP service; Red Hat/NVD entries repeat the mem...
CVE-2025-47351 Integer Overflow or Wraparound in DSP Service
Memory corruption while processing user buffers...