Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003375 advisory. Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gai...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003283)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003283 advisory. Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gai...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2026-1055)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

Deno security vulnerabilities

Deno is a simple, modern, and secure JavaScript and TypeScript runtime environment developed by Deno itself. Versions of Deno prior to 2.6.0 contained a security vulnerability caused by node:crypto failing to perform password encryption properly, which could lead to infinite encryption attacks...

Advanced Encryption Technique for Multimedia Data Using Sudoku-Based Algorithms for Enhanced Security

Encryption and Decryption is the process of sending a message in a ciphered way that appears meaningless and could be deciphered using a key for security purposes to avoid data breaches. This paper expands on the previous work on Sudoku-based encryption methods, applying it to other forms of medi...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001856)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001856 advisory. A missing authorization check in the fscryptprocesspolicy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel befor...

Juniper Networks Junos Space encryption vulnerabilities

Juniper Networks Junos Space is a network management solution provided by the company Juniper Networks. This solution supports automatic configuration, monitoring, and troubleshooting of devices and services throughout their entire lifecycle. Versions of Juniper Networks Junos Space prior to 24.1...

CVE-2025-68701

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

Security Bulletin: AIX/VIOS is vulnerable to an out-of-bounds read (CVE-2025-9230, CVE-2025-9232) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow an attacker to trigger an out-of-bounds read CVE-2025-9230, CVE-2025-9232. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt C...

UBUNTU-CVE-2025-71131

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

MiracleLinux 3 : openssl-0.9.8e-22.AXS3.4 (AXSA:2012-567:05)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-567:05 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...

MiracleLinux 3 : libxslt-1.1.17-2.1.2AXS3 (AXSA:2008-83:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-83:01 advisory. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. CVE-2008-2935: Multiple...

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

EUVD-2026-2027

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

EUVD-2026-2022

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the AES/CBC/PKCS5Padding...

GHSA-GXP5-MV27-VJCJ Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...