Libopensc: heap buffer overflow in openpgp driver when generating key

...

Linux Distros Unpatched Vulnerability : CVE-2018-20187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to deriv...

SUSE CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

UBUNTU-CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38562 ksmbd: fix null pointer dereference error in generate_encryptionkey

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

PT-2025-33834 · Undefined · Undefined

CVE-2025-57722 - Fortinet SSL/TLS Weak Key Generation CVE ID : CVE-2025-57722 Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Secure Authentication Via Quantum Physical Unclonable Functions: a Review

Quantum Physical Unclonable Functions QPUFs offer a physically grounded approach to secure authentication, extending the capabilities of classical PUFs. This review covers their theoretical foundations and key implementation challenges - such as quantum memories and Haar-randomness -, and...

OESA-2025-1747 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications th...

The vulnerability of the rweather library and the crypto-based solutions for organizing tactical radio communications in hard-to-access areas like Meshtastic allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the rweather library and the crypto-based solutions for organizing tactical radio communications in hard-to-access areas like Meshtastic is related to insufficient entropy during key generation. Exploiting this vulnerability allows a remote attacker to compromise the...

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs

This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...

CVE-2025-52464

Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...

CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

Meshtastic 安全特征问题漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security signature issue vulnerability exists in Meshtastic versions prior to 2.5.0 through 2.6.11, which stems from insufficient entropy in the key generation process that could lead to key...

TencentOS Server 4: tang (TSSA-2025:0140)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0140 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

vantage6 安全特征问题漏洞

vantage6 is a vantage6 open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security feature issue vulnerability exists in vantage6 versions prior to 4.11.0 that stems from an insecure JWT key auto-generation that could lead to key prediction...

Spanning-Tree-Packing Protocol for Conference Key Propagation in Quantum Networks

We consider a network of users connected by pairwise quantum key distribution QKD links. Using these pairwise secret keys and public classical communication, the users want to generate a common conference secret key at the maximal rate. We propose an algorithm based on spanning tree packing a kno...

PT-2025-26221

Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5.0 through 2.6.10 Description Meshtastic is an open source mesh networking solution. The flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failin...