Astra Linux - уязвимость в samba

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on November 8, 2022, and according to RFC8429, it is assumed that RC4-HMAC is weak. Vulnerable Samba Active Directory Domain Controllers will issue RC4-HMAC encrypted tickets, even though the targe...

Astra Linux - уязвимость в linux

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus – Do not free ring buffers that cannot be re-encrypted. In CoCo VMs, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the return of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a UAF Use-After-Free issue in decryption with multichannel. After the commits f7025d861694 “smb: client: allocate crypto only for primary server” and b0abcd65ec54 “smb: client: fix UAF in async decryption”,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed OOB issues when building SMB2IOCTL requests. When encryption is used, whether enforced by the server or when using the “seal” mount option, the client will squash all compound request buffers for encryption int...

OESA-2026-2175 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access WPA, WPA2, or WPA3 or Wired Equivalent Privacy WEP, an adversary can exploit this vulnerability to injec...

MiracleLinux 9 : buildah-1.41.8-3.el9_7 (AXSA:2026-524:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-524:03 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-43020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when...

openSUSE 16 Security Update : python-jwcrypto (openSUSE-SU-2026:20644-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20644-1 advisory. - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE tokens...

CVE-2026-43020

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

CVE-2026-31719

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5encdispatchdecrypt sets req-base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

EUVD-2026-26619

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

CVE-2026-43020

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

CVE-2026-43020

CVE-2026-43020 concerns the Linux kernel Bluetooth MGMT path: load-time Long Term Keys can overflow a fixed-size stack buffer if enc_size exceeds the 16-byte key buffer. The root cause is validation of enc_size not rejecting oversized values during management LTK record validation, allowing inval...

CVE-2026-31719

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5encdispatchdecrypt sets req-base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

CVE-2026-31719

CVE-2026-31719 concerns the Linux kernel crypto/krb5enc async decrypt path where the skcipher completion could bypass the hash verification, bypassing integrity checks. The root cause is krb5enc_dispatch_decrypt() signaling completion without invoking krb5enc_dispatch_decrypt_hash(). The fix adds...

CVE-2026-31719 crypto: krb5enc - fix async decrypt skipping hash verification

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5encdispatchdecrypt sets req-base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content versions = 7.7.0...

[SECURITY] Fedora 44 Update: openbao-2.5.3-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

[SECURITY] Fedora 43 Update: openbao-2.5.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...