205 matches found
Debian dla-4669 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 4669-1] php8.2 security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
[SECURITY] [DSA 6377-1] php8.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...
EUVD-2026-38453
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...
CVE-2026-35019
NetComm NF20MESH routers with firmware R6B031 and earlier are affected by an authentication bypass in the web management interface. The root cause is a hardcoded AES-256 key used to encrypt session cookies; an attacker can forge a valid encrypted cookie with the shared key to bypass authenticatio...
CVE-2026-8881 CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
Malicious code in qaq-core-util-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...
MAL-2026-4653 Malicious code in qaq-core-util-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...
GHSA-PHQJ-4MHP-Q6MQ rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
CipherCtxRef::cipherupdateinplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption whe...
PT-2026-42029
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The CipherCtxRef::cipher update inplace function incorrectly sizes output buffers when utilizing AES key-wrap-with-padding ciphers, specifically EVP aes 128 wrap pad, EVP aes 192 wrap pad, an...
CVE-2026-44662
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...
CVE-2026-44662
CVE-2026-44662 affects rust-openssl bindings (Rust) from 0.10.0 up to 0.10.79. CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update mis-sized outputs when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For non-multiple-of-8 input, ...
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...
Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui
HTB-Snapped-Writeup HTB Snapped — Hard Linux machine writeup...
MAXHUB Pivot client application 加密问题漏洞
The MAXHUB Pivot client application is a client component of the MAXHUB company’s device management platform. Versions of the MAXHUB Pivot client application prior to 1.36.2 contained an encryption vulnerability. This vulnerability stemmed from the hardcoded AES key within the application. It cou...
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...
CVE-2026-41678
CVE-2026-41678 affects rust-openssl bindings. The aes::unwrap_key() function contains an inverted assertion (out.len() + 8 = in_.len() - 8, allowing potential out-of-bounds writes when buffers are smaller than required. This vulnerability is limited to versions before 0.10.78; 0.10.78 fixes the i...
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...
CVE-2025-67112
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...