CVE-2025-47711 – “nbdkit Denial-of-Service Vulnerability”

June 9, 2025

CVE ID : CVE-2025-47711

Published : June 9, 2025, 6:15 a.m. | 3 hours, 23 minutes ago

Description : There’s a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5864 – Tenda TDSEE App Authentication Bypass

Next Article CVE-2025-3581 – “Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability”

Highlights

CVE-2025-27587 – OpenSSL PowerPC Minerva Timing Attack

June 16, 2025

CVE ID : CVE-2025-27587

Published : June 16, 2025, 10:15 p.m. | 2 hours, 33 minutes ago

Description : OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-47711 – “nbdkit Denial-of-Service Vulnerability”

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

CVE-2025-50142 – Apache HTTP Server Cross-Site Request Forgery

LLMs Struggle to Act on What They Know: Google DeepMind Researchers Use Reinforcement Learning Fine-Tuning to Bridge the Knowing-Doing Gap

CVE-2024-44906 – Uptrace PGDriver SQL Injection Vulnerability

ByteDance Introduces Seed1.5-VL: A Vision-Language Foundation Model Designed to Advance General-Purpose Multimodal Understanding and Reasoning

CVE-2025-27587 – OpenSSL PowerPC Minerva Timing Attack

What’s the easiest way to deploy on a VPS?

CVE-2025-51654 – SemCms SQL Injection Vulnerability

Microsoft wants you and your business to ditch Office

CVE-2025-47711 – “nbdkit Denial-of-Service Vulnerability”

Related Posts