3047 matches found
CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...
CVE-2025-59354
Summary: CVE-2025-59354 affects Dragonfly before version 2.1.0, where downloaded files may be replaced due to use of MD5 for hashing, enabling attackers to supply malicious files with colliding hashes. The vulnerability is fixed in 2.1.0. The initial description provides the root cause and remedi...
CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
Linux Distros Unpatched Vulnerability : CVE-2025-59160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor...
SUSE CVE-2025-59161
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...
CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
CVE-2025-59161
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...
CVE-2023-53320
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info(). The function mpi3mr_get_all_tgt_info() has four issues: (1) It calculates valid entry length in alltgt_info assuming the header part of the struct mpi3mr_device_map_info would equal to sizeof(u3...
UBUNTU-CVE-2025-59160
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
CVE-2023-53320
CVE-2023-53320 (Linux kernel) relates to scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info(). The patch fixes four issues in mpi3mr_get_all_tgt_info(): (1) valid entry length now uses the correct header size (sizeof(u64) instead of sizeof(u32)); (2) kern_entrylen no longer subtracts one from nu...
CVE-2023-53320 scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info(). The function mpi3mr_get_all_tgt_info() has four issues: (1) It calculates valid entry length in alltgt_info assuming the header part of the struct mpi3mr_device_map_info would equal to sizeof(u3...
CVE-2025-57625
CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other binaries called by...
CYRISMA Sensor Security Vulnerability
CYRISMA Sensor is a scanning and detection component from CYRISMA USA. A security vulnerability exists in versions prior to CYRISMA Sensor 444, which stems from insecure folder and file permissions that could allow a low-privileged user to elevate privileges by replacing binaries and executing...
CVE-2022-50299
CVE-2022-50299 is a Linux kernel issue in the md (multiple device) module where snprintf() could wrap around when the total length of the block device names with slashes exceeds 200, leading to incorrect buffer sizing. The vulnerability arises from using snprintf; the fix is to replace snprintf w...
DEBIAN-CVE-2023-53183
In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match. [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). [CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and...
[SECURITY] Fedora 41 Update: linenoise-1.0-9.20200312git97d2850.fc41
Linenoise is a replacement for the readline line-editing library with the goal of being smaller...
[SECURITY] Fedora 42 Update: linenoise-1.0-12.20200312git97d2850.fc42
Linenoise is a replacement for the readline line-editing library with the goal of being smaller...
PT-2025-37601
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.0-1085-azure 9018.04.1-Ubuntu. Description: The Linux kernel contained an issue where the snprintf function was used instead of scnprintf in the md (multiple device) module. This could lead to a warning when th...
PT-2025-37581
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.1.0-rc8+ through 6.1.0-rc8+ 144 Description: This issue involves a global out-of-bounds bug in the rtl8812ae phy set txpower limit function within the rtlwifi module. The root cause is an incorrect comparison order of...
[SECURITY] Fedora 41 Update: uv-0.8.11-2.fc41
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...