HCL BigFix SM 安全漏洞

HCL BigFix SM is an AI-driven service management platform module from HCL India. A security vulnerability exists in HCL BigFix SM, which stems from the use of weak encryption algorithms that could lead to decryption or tampering of communications...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling non-asynchronous decryption requests, which could result in a null pointer dereference...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

OESA-2025-2065 ansible security update

\ Security Fixes: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

PT-2025-34450 · Reolink · Reolink

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The Reolink application contains a hardcoded encryption key and initialization vector. This allows an attacker to decrypt access tokens and web session tokens through reverse engineering...

Reolink App 安全漏洞

Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from the use of hard-coded encryption keys and initialization vectors, which could lead to the decryption of access tokens and session tokens...

SUSE CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

AZL-66452 CVE-2025-38590 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

AZL-71030 CVE-2025-38590 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

DEBIAN-CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

UBUNTU-CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590

CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

Dark Web Roast - July 2025 Edition

Dark Web Roast - July 2025 Edition By Trellix Advanced Research Center · August 19, 2025 Executive Summary July 2025 delivered a masterclass in cybercriminal mediocrity that would make even the most charitable threat intelligence analyst weep into their coffee. After extensive hunts across the da...

IBM Concert Software 信任管理问题漏洞

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software has a trust management issue vulnerability that stems from...

Linux Distros Unpatched Vulnerability : CVE-2021-3711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twic...

CVE-2025-55279 Hard-coded Private Key Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the...