9391 matches found
Astra Linux – Vulnerability in mbedtls
In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – Flushes misc workqueue during device shutdown Repeated loading and unloading of a device-specific QAT driver, such as qat4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fixed the issue of dereferencing an uninitialized error pointer. Fixed the warnings related to smatch. drivers/crypto/ccp/sev-dev.c:1312 sevplatforminitlocked Error: We previously assumed that ‘error’ could be null...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Therefore, dereferencing req-iv after its return is invalid...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-mq: The crypto keyslot must be released before reporting I/O completion. Once all I/O operations using the blkcryptokey are completed, the file systems can call blkcryptoevictkey. However, the block layer currently does not...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre – fixed a resource leak in the remove process. In hpreremove, when the disable operation of qm sriov fails, the following logic should continue to be executed to release the remaining resources that have be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree – Fixed the use of ctxp-user.key after it is freed in cccipherexit. kfreesensitivectxp-user.key will free ctxp-user.key. However, ctxp-userkey is still used in the next line, which will lead to a use after free. We...
Astra Linux – Vulnerability in Golang-1.15
In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for RSA. Requests with a source buffer size greater than the size of the key are rejected. This prevents potential integer underflow issues that might occur when copying the source scatterlist...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra – Added the missing CRYPTOALGASYNC flag. The tegra crypto driver failed to set CRYPTOALGASYNC for its asynchronous algorithms. As a result, the crypto API would select these algorithms for users who request only...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fixed an overflow issue when dealing with long HMAC keys. When a key that is longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: API – Use a work queue in cryptoDestroyInstance. The function cryptoDropSpawn is expected to be called from the process context. However, when an instance is not registered while it still has active users, the last user m...
SUSE-SU-2026:2464-1 Security update for python313
This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: oss-security CPython: Incomplete mitigati...
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2430)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...
ALSA-2026:27288 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: rxrpc: Fix RxGK token loading t...
ROOT-APP-MAVEN-CVE-2025-22228 CVE-2025-22228 in io.root.org.springframework.security:spring-security-crypto - Patched by Root
Root has patched CVE-2025-22228 in the io.root.org.springframework.security:spring-security-crypto package for Root:Maven. Multiple fixed versions available...
Siemens RUGGEDCOM RST2428P Missing Synchronization (CVE-2026-23229)
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-c...
Malicious code in dotenv-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1 On Windows, src/envsync/init.py lines 39-44 unconditionally calls ctypes.CDLL on a bundled 2.9MB PE file parser.pyd at top-level import, wrapped in...
Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
MAL-2026-6083 Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...