CLSA-2026-1772465492 podman: Fix of 4 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance

Summary The python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...

SUSE CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

IBM Verify Identity Access Container Weak Encryption Algorithm Vulnerability

IBM Verify Identity Access Container is an identity and access management solution for providing secure single sign-on and access control. A weak cryptographic algorithm vulnerability exists in IBM Verify Identity Access Container. The vulnerability stems from the product's use of a...

CVE-2026-39413

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

K000160933: OpenSSL for Windows vulnerability CVE-2023-4807

Security Advisory Description Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: ...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the key generation. An attacker can compromise the confidentiality of generated cryptographic keys by exploiting weak or predictable key material. Remediation A fix was pushed into the...

Use of a Broken or Risky Cryptographic Algorithm

Overview org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

Use of a Broken or Risky Cryptographic Algorithm

Overview org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

SUSE-SU-2026:21250-1 Security update for openvswitch

This update for openvswitch fixes the following issue: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007033)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007033 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives—key exchange ECDH and digital signatures RSA, ECDSA, EdDSA—which are vulnerable to Shor’s quantum algorithm. It does not, however, impact existi...

Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

PT-2026-33697

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...