Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005684)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005684 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 ext4: fixup...

CVE-2025-63912

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials...

PT-2026-22771

Name of the Vulnerable Software and Affected Versions Cohesity TranZman Migration Appliance version 4.0 Build 14614 Description The Cohesity TranZman Migration Appliance utilizes a weak cryptography algorithm for data encryption. This allows attackers to easily reverse the encryption process and...

CVE-2025-63912

CVE-2025-63912 affects Cohesity TranZman Migration Appliance Release 4.0 Build 14614. The issue is a weak cryptography algorithm used for data encryption (static XOR in some disclosures), allowing an attacker to reverse encryption and expose credentials. Impact is credential exposure as described...

IBM Aspera faspio Gateway 加密问题漏洞

IBM Aspera faspio Gateway is a data transfer software developed by IBM Corporation. Version 1.3.6 of IBM Aspera faspio Gateway contains a vulnerability related to encryption. This vulnerability stems from the use of an encryption algorithm that is weaker than expected, which may allow attackers t...

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...

CVE-2025-63912

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials...

CVE-2026-3337 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decryptcek function. An attacker can cause excessive CPU resource consumption by supplying a crafted JSON Web Encryption JWE token with an unbounded p2c parameter value, leadi...

GHSA-W5R5-M38G-F9F9 joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

CVE-2026-0995

The CVE-2026-0995 issue affects Arm C1-Pro before r1p2-50eac0. Under certain conditions, a TLBI+DSB may fail to ensure completion of memory accesses related to SME, indicating a potential memory ordering/visibility problem. Connected documents confirm the vulnerability description but do not prov...

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

CVE-2026-0995

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

PT-2026-22600

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, which stem from improper configuration. These vulnerabilities may lead to encryption issues when initiating VoWiFi calls from the UE device...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets. These vulnerabilities stem from shared VM references that allow HLOS access to bootloaders and certificate chains, potentially leading to...