1413 matches found
CVE-2025-38562
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is...
CVE-2025-38562 ksmbd: fix null pointer dereference error in generate_encryptionkey
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is...
CVE-2025-38562
CVE-2025-38562 affects the Linux kernel ksmbd component. When a client performs two session setups with krb5 authentication to ksmbd, a null pointer dereference in generate_encryptionkey could occur if sess->Preauth_HashValue is NULL while the session is valid. The fix ensures the encryption k...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in the generate_encryptionkey function...
JWE is missing AES-GCM authentication tag validation in encrypted JWE
Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...
Linux Distros Unpatched Vulnerability : CVE-2024-45004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load...
HPE Telco Network Function Virtual Orchestrator security vulnerability
HPE Telco Network Function Virtual Orchestrator is an orchestration and management software for the virtualization of telecom network functions from HPE, USA. A security vulnerability exists in HPE Telco Network Function Virtual Orchestrator that stems from an improper encryption key storage poli...
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53671
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
SUSE CVE-2025-52496
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...
IBM MQ 9.2 < 9.2.0.36 LTS / 9.3 < 9.3.0.30 LTS / 9.3 < 9.4.3 CD / 9.4 < 9.4.0.12 LTS / 9.4.3 (7238314)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7238314 advisory. - Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp....
CVE-2025-2327
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured...
CVE-2025-2327 FlashArray KEK Logging Vulnerability
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured...
CVE-2025-2327
CVE-2025-2327 affects Pure Storage FlashArray. A KEK is logged during key rotation when RDL is configured, potentially enabling information disclosure of KEKs. Documented impact is limited to what is stated; exploitation details are not provided in the supplied materials. Some connected sources n...
PT-2025-25571 · Pure Storage · Pure Storage Flasharray
Name of the Vulnerable Software and Affected Versions: Pure Storage FlashArray affected versions not specified Description: A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. Recommendations: At the moment, there is no information...
CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...
CVE-2025-43925
CVE-2025-43925 affects Unicom Focal Point 7.6.1. The issue is that the database is encrypted with a hardcoded key, which could allow recovery of plaintext data. Multiple connected sources corroborate the vulnerability, noting the same root cause and potential impact. There is no explicit exploit ...
CVE-2025-48495 Gokapi has stored XSS vulnerability in friendly name for API keys
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...