kernel: cifs: fix oops during encryption
An out-of-bounds memory access vulnerability exists in the Linux kernel: a stack-allocated buffer backed by vmalloc was passed into crypto code (scatterwalk_map_and_copy → memcpy), where a cross-page write occurred. This ended up hitting a read-only mapping, causing a page-level fault and...
CVE-2025-65951
CVE-2025-65951 affects Inside Track / Entropy Derby. Before commit 2d38d2f, the VDF-based timelock encryption did not enforce sequential delay against the betting operator, enabling bettors to pre-compute the Wesolowski VDF and include the output in encrypted bets. This allowed the house to decr...
CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...
Malicious code in @voiceflow/encryption (npm)
Source: amazon-inspector 13e58f7cdcdf3b87f5bbf111e42e13a1151626e495e15be73fc579109e397800 The package @voiceflow/encryption was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191344 Malicious code in @voiceflow/encryption (npm)
Source: amazon-inspector 13e58f7cdcdf3b87f5bbf111e42e13a1151626e495e15be73fc579109e397800 The package @voiceflow/encryption was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199418
Malicious code in @voiceflow/encryption npm...
RHEL 8 : kernel (RHSA-2025:22072)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22072 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC...
Inside Track Encryption Issue Vulnerability
Inside Track is a horse racing betting engine by the individual developer Lumina Mescuwa. Inside Track suffers from an encryption issue vulnerability that stems from the VDF encryption system not enforcing a sequential delay, which could lead to immediate decryption...
PT-2025-47978
Name of the Vulnerable Software and Affected Versions: Inside Track / Entropy Derby versions prior to commit 2d38d2f. Description: The VDF-based timelock encryption system in Inside Track / Entropy Derby fails to enforce sequential delay against the betting operator. This allows bettors to pre-compu...
RHEL 8 : kernel (RHSA-2025:22006)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22006 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ethtool: check device is...
FujiTelevison FOD app Security Vulnerability
FujiTelevison FOD app is an on-demand mobile app from FujiTelevison Japan. A security vulnerability exists in the FujiTelevison FOD app that stems from the use of hard-coded encryption keys, which could lead to a local attacker obtaining the keys...
RHEL 9 : kernel (RHSA-2025:22066)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22066 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC...
ROS-20251125-04
A vulnerability in OpenBao's secret management and encryption system is related to the fact that the software stores sensitive information in log files. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...
SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2025:4200-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4200-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150600.10.34 fixes various security issues. The following security issues were fixed: -...
GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
EUVD-2025-198717
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
Use of Hard-coded Cryptographic Key
Overview: org.apache.syncope.core:syncope-core-persistence-jpa is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Use of Hard-coded...
Use of Hard-coded Cryptographic Key
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing the internal database content, as the encryption key is hard-coded and publicly known. Note:...
Use of Hard-coded Cryptographic Key
Overview: org.apache.syncope.core:syncope-core-starter is an Apache Syncope Core Spring Boot Starter. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing t...