
41 matches found

Snyk
added 2026/04/03 3:28 a.m., 1 view

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption (JWE) object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW', and the encrypted_key field is empty...

8.7 CVSS, 5.9 AI score, 0.00035 EPSS
Exploits: 0, References: 2
OSV
added 2025/09/02 8:15 p.m., 2 views

CVE-2025-8301

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to...

7.8 CVSS, 6.2 AI score, 0.00022 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/09/02 8:2 p.m., 2 views

CVE-2025-8301 Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to...

7.8 CVSS, 7.1 AI score, 0.00022 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/09/02 8:2 p.m., 3 views

CVE-2025-8302 Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

8.8 CVSS, 7.1 AI score, 0.00022 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/09/02 12:0 a.m., 2 views

Realtek rtl81xx SDK Wi-Fi Driver security vulnerability

Realtek rtl81xx SDK Wi-Fi Driver is a network card driver software from Realtek Semiconductor (Realtek), China. A security vulnerability exists in the Realtek rtl81xx SDK Wi-Fi Driver, which stems from insufficient validation of the N6CSet_DOT11_CIPHER_DEFAULT_KEY function, which could result in elevat...

8.8 CVSS, 8.5 AI score, 0.00022 EPSS
Exploits: 0, References: 2
Zero Day Initiative
added 2025/09/02 12:0 a.m., 5 views

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS, 7.6 AI score, 0.00022 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/11 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-38579

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd, the value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer...

5.5 CVSS, 6.8 AI score, 0.00011 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 4:10 p.m., 4 views

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

7.5 CVSS, 6.6 AI score, 0.00276 EPSS
Exploits: 0, References: 1
OSV
added 2024/06/19 2:15 p.m., 2 views

DEBIAN-CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic. In spu2_dump_omd, the value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

5.5 CVSS, 5.7 AI score, 0.00011 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/06/19 12:0 a.m., 1 view

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that in the spu2_dump_omd function, the value of ptr is increased by ciph_key_len instead of hash_iv_len,...

5.5 CVSS, 6.7 AI score, 0.00011 EPSS
Exploits: 0, References: 10
RedHat Linux
added 2024/01/22 1:20 a.m., 39 views

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5 CVSS, 6.7 AI score, 0.06469 EPSS
Exploits: 0, References: 3
OSV
added 2024/01/22 12:0 a.m., 42 views

ALSA-2024:0310 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Incorrect cipher key and IV length processing (CVE-2023-5363). For more details about the security...

7.5 CVSS, 7.7 AI score, 0.06469 EPSS
Exploits: 0, References: 4
OSV
added 2023/11/12 12:44 a.m., 9 views

MGASA-2023-0317 Updated quictls packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

7.5 CVSS, 7.5 AI score, 0.06469 EPSS
Exploits: 0, References: 2
OSV
added 2023/11/09 12:55 p.m., 12 views

MGASA-2023-0313 Updated openssl packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

7.5 CVSS, 7.5 AI score, 0.06469 EPSS
Exploits: 0, References: 2
Microsoft CVE
added 2023/10/31 7:0 a.m., 3 views

Incorrect cipher key & IV length processing

...

7.5 CVSS, 6.7 AI score, 0.06469 EPSS
Exploits: 0
OSV
added 2023/10/25 2:34 a.m., 5 views

SUSE-SU-2023:4190-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing (bsc#1216163). - CVE-2023-3817: Add test of DH_check with q = p + 1 (bsc#1213853)...

7.5 CVSS, 5.9 AI score, 0.06469 EPSS
Exploits: 0, References: 5
OpenVAS
added 2023/10/25 12:0 a.m., 28 views

Debian: Security Advisory (DSA-5532-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.7 AI score, 0.06469 EPSS
Exploits: 0, References: 5
Debian
added 2023/10/24 7:19 p.m., 74 views

[SECURITY] [DSA 5532-1] openssl security update

Debian Security Advisory DSA-5532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2023 https://www.debian.org/security/faq -...

7.5 CVSS, 6.3 AI score, 0.06469 EPSS
Exploits: 0
Cvelist
added 2023/10/24 3:31 p.m., 22 views

CVE-2023-5363 Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.7 AI score, 0.06469 EPSS
Exploits: 0, References: 3
F5 Networks
added 2023/02/21 6:54 p.m., 60 views

K23374214: Apache Shiro vulnerability CVE-2016-4437

Security Advisory Description Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. CVE-2016-4437 Impact There is no impact;...

9.8 CVSS, 8.6 AI score, 0.94251 EPSS
Exploits: 9