5806 matches found
CVE-2025-4382 Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
CVE-2025-4382 Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
CVE-2025-46833
Programs/P73SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...
PT-2025-20442 · Grub +2 · Grub +2
Name of the Vulnerable Software and Affected Versions: GRUB versions affected versions not specified Description: A flaw in systems using LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption may allow an attacker with physical access to access unencrypted data without further...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1440)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1439)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...
CVE-2025-46632
Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...
CVE-2025-46632
Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...
DEBIAN-CVE-2025-37750
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
AZL-69737 CVE-2025-37750 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
CVE-2025-37750
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
UBUNTU-CVE-2025-37750
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
CVE-2025-37750
CVE-2025-37750: Linux kernel SMB client UAF in decryption with multichannel resolved. After commits f7025d861694 and b0abcd65ec54, multiple cifsd threads could access the AEAD crypto context simultaneously, causing a use-after-free during decryption. The issue triggered KASAN reports (gf128mul_4k...
CVE-2025-37750
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
CVE-2025-46626
The CVE-2025-46626 entry concerns the Tenda RX2 Pro (firmware 16.03.30.14). The root cause is the reuse of a static AES key and initialization vector for encrypted traffic to the device’s ‘ate’ management service, enabling an attacker to decrypt, replay, and forge traffic targeting that service. ...
CVE-2025-46626
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service...