Lucene search
K

9391 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in mbedtls

In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...

5.3CVSS6AI score0.01773EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: qat – Flushes misc workqueue during device shutdown Repeated loading and unloading of a device-specific QAT driver, such as qat4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when a...

5.5CVSS6.5AI score0.00133EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fixed the issue of dereferencing an uninitialized error pointer. Fixed the warnings related to smatch. drivers/crypto/ccp/sev-dev.c:1312 sevplatforminitlocked Error: We previously assumed that ‘error’ could be null...

5.5CVSS5.2AI score0.00119EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Therefore, dereferencing req-iv after its return is invalid...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: blk-mq: The crypto keyslot must be released before reporting I/O completion. Once all I/O operations using the blkcryptokey are completed, the file systems can call blkcryptoevictkey. However, the block layer currently does not...

5.8AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre – fixed a resource leak in the remove process. In hpreremove, when the disable operation of qm sriov fails, the following logic should continue to be executed to release the remaining resources that have be...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: ccree – Fixed the use of ctxp-user.key after it is freed in cccipherexit. kfreesensitivectxp-user.key will free ctxp-user.key. However, ctxp-userkey is still used in the next line, which will lead to a use after free. We...

7.8CVSS5.9AI score0.00252EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Golang-1.15

In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...

6.5CVSS6.7AI score0.02689EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for RSA. Requests with a source buffer size greater than the size of the key are rejected. This prevents potential integer underflow issues that might occur when copying the source scatterlist...

5.5CVSS6.3AI score0.00254EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: tegra – Added the missing CRYPTOALGASYNC flag. The tegra crypto driver failed to set CRYPTOALGASYNC for its asynchronous algorithms. As a result, the crypto API would select these algorithms for users who request only...

8.8CVSS5.7AI score0.00415EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fixed an overflow issue when dealing with long HMAC keys. When a key that is longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: API – Use a work queue in cryptoDestroyInstance. The function cryptoDropSpawn is expected to be called from the process context. However, when an instance is not registered while it still has active users, the last user m...

5.7AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 9:44 a.m.4 views

SUSE-SU-2026:2464-1 Security update for python313

This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: oss-security CPython: Incomplete mitigati...

9.1CVSS6.3AI score0.00579EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2430)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...

8.8CVSS7.1AI score0.96267EPSS
Exploits255References3
OSV
OSV
added 2026/06/19 12:0 a.m.7 views

ALSA-2026:27288 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: rxrpc: Fix RxGK token loading t...

9.8CVSS6.6AI score0.004EPSS
Exploits9References32
OSV
OSV
added 2026/06/18 11:18 a.m.7 views

ROOT-APP-MAVEN-CVE-2025-22228 CVE-2025-22228 in io.root.org.springframework.security:spring-security-crypto - Patched by Root

Root has patched CVE-2025-22228 in the io.root.org.springframework.security:spring-security-crypto package for Root:Maven. Multiple fixed versions available...

7.4CVSS7.5AI score0.00568EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RUGGEDCOM RST2428P Missing Synchronization (CVE-2026-23229)

In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-c...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 9:35 p.m.7 views

Malicious code in dotenv-sync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1 On Windows, src/envsync/init.py lines 39-44 unconditionally calls ctypes.CDLL on a bundled 2.9MB PE file parser.pyd at top-level import, wrapped in...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 9:32 p.m.8 views

Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/17 9:32 p.m.18 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
Rows per page
Query Builder