376 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002285)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002285 advisory. crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003482)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003482 advisory. crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002450)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002450 advisory. crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is...
CVE-2026-22817 JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and Auth Bypass
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware that allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
EUVD-2026-2017
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware that allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...
CVE-2022-23024
On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel T...
CVE-2022-23025
On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reache...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000321)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000321 advisory. In the Linux kernel through 4.20.11, af_alg_release in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in...
CVE-2025-15258 Edimax BR-6208AC Web-based Configuration formALGSetup redirect
A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE to read ring provided buffer lengths CVE-2025-39816 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg...
UBUNTU-CVE-2025-40022
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 "crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg" changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to...
Oracle Linux 7 : kernel (ELSA-2025-17161)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-17161 advisory. - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface CVE-2022-48701 Orabug: 38493400 - md-raid10: fix KASAN warning CVE-2022-50211...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
DEBIAN-CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
PT-2025-41563
Name of the Vulnerable Software and Affected Versions python-jose versions through 3.3.0 Description The software accepts JWT tokens with 'alg=none' without cryptographic signature verification. This allows a malicious actor to create forged tokens with arbitrary claims, potentially bypassing...
Linux Distros Unpatched Vulnerability : CVE-2023-53599
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 Fix af_alg_alloc_areq to...
EUVD-2007-3787
Malware in sbrugna...
EUVD-2019-0862
Malware in sbrugna...
EUVD-2015-5317
Malware in sbrugna...
EUVD-2019-0872
Malware in sbrugna...