376 matches found

Tenable Nessus
added 2026/01/15 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002285 advisory. crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is...

CVSS 5.5 | AI score 6.5 | EPSS 0.00504 | Exploits 0 | References 14
Tenable Nessus
added 2026/01/15 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003482)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003482 advisory. crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface...

CVSS 7.8 | AI score 6.5 | EPSS 0.00411 | Exploits 0 | References 10
Tenable Nessus
added 2026/01/15 12:0 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002450 advisory. crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is...

CVSS 5.5 | AI score 6.5 | EPSS 0.00504 | Exploits 0 | References 14
OSV
added 2026/01/13 7:49 p.m. | 4 views

CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...

CVSS 8.2 | AI score 6.4 | EPSS 0.00141 | Exploits 0 | References 4
EUVD
added 2026/01/13 7:49 p.m. | 8 views

EUVD-2026-2017

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...

CVSS 8.2 | AI score 6 | EPSS 0.00118 | Exploits 0 | References 4
RedhatCVE
added 2026/01/09 10:54 a.m. | 10 views

CVE-2022-23024

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...

CVSS 7.5 | AI score 6.8 | EPSS 0.00904 | Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:54 a.m. | 10 views

CVE-2022-23025

On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reache...

CVSS 7.5 | AI score 6.8 | EPSS 0.00904 | Exploits 0 | References 1
Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000321)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000321 advisory. In the Linux kernel through 4.20.11, af_alg_release in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in...

CVSS 7.8 | AI score 7.1 | EPSS 0.00651 | Exploits 0 | References 4
Vulnrichment
added 2025/12/30 5:32 p.m. | 4 views

CVE-2025-15258 Edimax BR-6208AC Web-based Configuration formALGSetup redirect

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

CVSS 5.1 | AI score 4.6 | EPSS 0.00221 | Exploits 1 | References 4
Amazon
added 2025/10/27 12:0 a.m. | 11 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE to read ring provided buffer lengths CVE-2025-39816 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg...

CVSS 9.8 | AI score 6.6 | EPSS 0.08942 | Exploits 1
OSV
added 2025/10/24 1:15 p.m. | 2 views

UBUNTU-CVE-2025-40022

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 "crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg" changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to...

CVSS 4.8 | AI score 5.7 | EPSS 0.00193 | Exploits 0 | References 10
Tenable Nessus
added 2025/10/21 12:0 a.m. | 11 views

Oracle Linux 7 : kernel (ELSA-2025-17161)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-17161 advisory. - ALSA: usb-audio: Fix an out-of-bounds bug in snd_usb_parse_audio_interface CVE-2022-48701 Orabug: 38493400 - md-raid10: fix KASAN warning CVE-2022-50211...

CVSS 7.8 | AI score 7.7 | EPSS 0.03558 | Exploits 8 | References 7
NVD
added 2025/10/10 2:15 p.m. | 5 views

CVE-2025-61152

python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...

CVSS 6.5 | EPSS 0.00305 | Exploits 0 | References 3
OSV
added 2025/10/10 2:15 p.m. | 4 views

DEBIAN-CVE-2025-61152

python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...

CVSS 6.5 | AI score 7.4 | EPSS 0.00305 | Exploits 0 | References 1
Positive Technologies
added 2025/10/10 12:0 a.m. | 12 views

PT-2025-41563

Name of the Vulnerable Software and Affected Versions python-jose versions through 3.3.0 Description The software accepts JWT tokens with 'alg=none' without cryptographic signature verification. This allows a malicious actor to create forged tokens with arbitrary claims, potentially bypassing...

CVSS 6.5 | AI score 7.1 | EPSS 0.00305 | Exploits 0 | References 10
Tenable Nessus
added 2025/10/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 Fix af_alg_alloc_areq to...

CVSS 5.5 | AI score 6.1 | EPSS 0.0012 | Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-3787

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.02262 | Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0862

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01349 | Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2015-5317

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00465 | Exploits 4 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-0872

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01271 | Exploits 0 | References 2