CVE-2025-21640

Summary (CVE-2025-21640) : In the Linux kernel, the sctp: sysctl: cookie_hmac_alg path was fixed to avoid using current->nsproxy. The root cause involved dereferencing current->nsproxy (which can be NULL, e.g., when the task is exiting), leading to an OOPs condition. The patch replaces the ...

CVE-2025-21640

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookiehmacalg: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

CVE-2024-13026

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used legacy component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft...

CVE-2024-13026 Inadequate Encryption Strength Vulnerability in Roche Algo Edge

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used legacy component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft...

CVE-2024-13026

CVE-2024-13026 affects Roche Algo Edge up to version 2.1.1, a legacy component of the navify Algorithm Suite. The flaw resides in the authentication mechanism of Algo Edge, enabling an attacker with adjacent access to craft valid authentication tokens and access the component; other navify compon...

BIT-PYTHON-MIN-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

PT-2025-1985 · Algo Edge · Algo Edge

Name of the Vulnerable Software and Affected Versions: Algo Edge versions up to 2.1.1 Description: A vulnerability exists in the authentication mechanism of Algo Edge, which could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authenticati...

[SECURITY] Fedora 40 Update: rsync-3.4.0-1.fc40

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

CVE-2024-8603

A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices...

CVE-2024-8603

CVE-2024-8603 affects B&R Automation Runtime and B&R mapp View versions prior to 6.1, where the SSL/TLS component uses a broken or risky cryptographic algorithm. Unauthenticated network-based attackers may masquerade as services on impacted devices. Multiple sources (NVD/NCSA advisory references ...

CVE-2024-6324 Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics...

CVE-2024-6324 Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics...

CVE-2024-8361 DoS caused due to wrong hash length returned for SHA2/224 algorithm

In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service DoS. If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not...

CVE-2024-8361

In SiWx91x devices, CVE-2024-8361 describes a DoS caused by SHA2/224 producing a 256-bit hash instead of 224 bits, triggering a software assertion. The issue is documented across multiple sources (NVD, Red Hat, CVE listing). Affected component is the SHA2/224 implementation; root cause is incorre...

PT-2025-4294 · Unknown · Langchain4J-Aideepin

Name of the Vulnerable Software and Affected Versions: LangChain4j-AIDeepin versions prior to 3.5.0 Description: LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to version 3.5.0, it used MD5 to hash files, which may cause file upload conflicts. Recommendations: For...

Unspecified vulnerability in GNU GRUB

GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB that stems from grubcryptomemcmp not using a constant time algorithm, no details of the vulnerability are provided at this time...

CVE-2024-56414

The CVE-2024-56414 entry describes a vulnerability in Acronis Cyber Protect 16 for Windows prior to build 39169, where the web installer integrity check uses a weak hash algorithm. Affected product/version: Acronis Cyber Protect 16 (Windows) before build 39169. Impact and exploit details are not ...

CVE-2024-56414

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...

CVE-2024-56414

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...

PT-2026-2874

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel's crypto subsystem contains an issue where memory allocated via sock kmalloc was not zero-initialized. This affected several crypto user API contexts and requests, relyi...