SUSE CVE-2023-43635

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

UBUNTU-CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

CVE-2026-6478

CVE-2026-6478 describes a covert timing channel in PostgreSQL authentication that leverages the comparison of MD5-hashed passwords to recover credentials sufficient to authenticate. The issue affects MD5-hashed password usage (not affecting scram-sha-256 by default) and is pertinent to environmen...

Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

PT-2025-3698 · Siwx91X · Siwx91X

Name of the Vulnerable Software and Affected Versions: SiWx91x devices affected versions not specified Description: The issue is related to the SHA2/224 algorithm, which returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, causing a Denial of...

CLSA-2024-1719925589 openssl: Fix of 2 CVEs

CVE-2022-1292: crehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: crehash: Fix file operations to prevent command injection - Update expired smime certificates - Add testing using old certificates sha1 to have both types of certificates sha1, sha256 checked...

PT-2023-28886

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description The issue concerns a problem where PCR14 is not in the list of PCRs that seal/unseal the "vault" key. Due to a change implemented in a commit, fixing this...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4533098)

Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 KB4533098 Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 This update is included in the Quality Rollup that's dated...

Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4520406)

Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 KB4520406 Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft...

November 19, 2019—KB4525251 (Preview of Monthly Rollup)

November 19, 2019—KB4525251 Preview of Monthly Rollup IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT Customers who have purchased the Extended Security Update ESU for on-premises versions of some...

November 19, 2019—KB4525244 (Preview of Monthly Rollup)

November 19, 2019—KB4525244 Preview of Monthly Rollup IMPORTANT Customers who have purchased the Extended Security Update ESU for on-premises versions of some operating systems must follow specific procedures to continue receiving security updates after extended support ends on January 14, 2020...

Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4516551)

Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 KB4516551 Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft...