MAL-2026-4541 Malicious code in crypto-hash-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208571de648a5ef9d7b4ae7b6f83151d9c2272f75fc16b42faa75a352ded2e08 Package name and metadata impersonate Sindre Sorhus's legitimate crypto-hash package forged author Sindre Sorhus and repository...

CVE-2026-34527

CVE-2026-34527 affects Sandboxie-Plus for Windows (versions 1.17.2 and earlier). The vulnerability arises in SbieIniServer::HashPassword, where the high nibble of each SHA-1 digest byte is extracted incorrectly (shifted by 8 instead of 4). This causes the stored EditPassword hash to preserve only...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011144)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011144 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11kpeerrxfragsetup cryptoallocshash allocates resources, whic...

RockyLinux 10 : kernel (RLSA-2025:13598)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:13598 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Lin...

CLSA-2025-1757967705 kernel: Fix of 42 CVEs

x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 - cifs: fix double free race when mount fails in cifsgetroot CVE-2022-48919 - aio: mark AIO pseudo-fs noexec CVE-2016-10044 - cifs:...

RHEL 9 : kernel (RHSA-2025:15670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15670 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ext4: use-after-free in...

kernel: crypto: algif_hash - fix double free in hash_accept

In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix double free in hashaccept If accept2 is called on socket type algifhash with MSGMORE flag set and cryptoahashimport fails, sk2 is freed. However, it is also freed in afalgrelease, leading to...

RLSA-2025:12752 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: memstick: rtsxusbms: Fix slab-use-after-free in rtsxusbmsdrvremove CVE-2025-22020 kernel: netsched:...

armory_cli (>=0.3.3 <=0.3.28), armory_lib (>=0.1.0 <=0.3.28) +158 more potentially affected by unknown CVE via crypto-hash (=0.3.4)

crypto-hash CARGO version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on crypto-hash and may be impacted: - armorycli =0.3.3, =0.1.0, =0.1.0, =0.1.0, =0.10.0, =0.10.0, =0.23.0, =0.1.0, =0.5.0, =0.3.10, =0.1.0, =0.2.2, =0.6.3 and more Source cve...

crypto-hash crate is unmaintained

The crypto-hash crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - crypto-hashes...

RUSTSEC-2025-0060 crypto-hash crate is unmaintained

The crypto-hash crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - crypto-hashes...

kernel: crypto: algif_hash - fix double free in hash_accept

In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix double free in hashaccept If accept2 is called on socket type algifhash with MSGMORE flag set and cryptoahashimport fails, sk2 is freed. However, it is also freed in afalgrelease, leading to...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RTUpdate3 fixes the following issues: CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...

Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...

SUSE-SU-2025:20681-1 Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: - CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 - CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350 -...

Security update for kernel-livepatch-MICRO-6-0_Update_8

This update for kernel-livepatch-MICRO-6-0Update8 fixes the following issues: CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...

Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...

SUSE-SU-2025:20643-1 Security update for kernel-livepatch-MICRO-6-0_Update_7

This update for kernel-livepatch-MICRO-6-0Update7 fixes the following issues: - CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 - CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350 -...

SUSE-SU-2025:20678-1 Security update for kernel-livepatch-MICRO-6-0_Update_5

This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: - CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 - CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350 -...

Security update for kernel-livepatch-MICRO-6-0_Update_7

This update for kernel-livepatch-MICRO-6-0Update7 fixes the following issues: CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...