17 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-net: Added validation for the used length. This addition ensures that the used length is validated which may come from an untrusted device, to prevent data corruption or loss...
EUVD-2026-23611
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...
PT-2026-33539
Name of the Vulnerable Software and Affected Versions: libgphoto2 versions prior to 2.5.34 Description: An out-of-bounds read occurs in the ptp_unpack_EOS_FocusInfoEx function when processing input from untrusted USB devices, which can lead to a crash of the library. Recommendations: Update to a...
EUVD-2020-1897
Malware in sbrugna...
Certified Randomness from Quantum Speed Limits
Quantum speed limits are usually regarded as fundamental restrictions, constraining the amount of computation that can be achieved within some given time and energy. Complementary to this intuition, here we show that these limitations are also of operational value: they enable the secure generati...
SUSE CVE-2021-47352
In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length. This adds validation for the used length, which might come from an untrusted device, to avoid data corruption or loss...
keylime: Attestation failure when the quote's signature does not validate
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
PYSEC-2023-128
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
CVE-2023-3674
Keylime CVE-2023-3674 affects the attestation verifier, where a TPM quote with an invalid signature is not flagged as faulty by the verifier (logged as an error instead of marking the device untrusted). Connected advisories confirm a fix was backported in various OS releases (e.g., RHEL/OpenELinu...
PT-2023-25692 · Keylime
Name of the Vulnerable Software and Affected Versions: keylime affected versions not specified Description: A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it...
OPENSUSE-SU-2021:0713-1 Security update for syncthing
This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1. This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages (CVE-2021-21404; see GHSA-x462-89pf-6r5h; boo#1184428). This release updates the CLI to use...
Security update for syncthing (moderate)
openSUSE Security Update: Security update for syncthing Announcement ID: openSUSE-SU-2021:0713-1 Rating: moderate References: 1184428 Cross-References: CVE-2021-21404 CVSS scores: CVE-2021-21404 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP...
OPENSUSE-SU-2021:0688-1 Security update for syncthing
This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1. This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages (CVE-2021-21404; see GHSA-x462-89pf-6r5h; boo#1184428). This release updates the CLI to use...
CVE-2020-0394
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...
ASB-A-155648639
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for...
PT-2019-3106 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.1.8 Description: The issue is related to a NULL pointer dereference in the drivers/usb/misc/sisusbvga/sisusb.c driver, caused by a malicious USB device. This can lead to a denial of service. Recommendations: F...