
5302 matches found

Tenable Nessus
added 2025/11/09 12:0 a.m. | 2 views

Fedora 43 : bind (2025-3e245eae46)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3e245eae46 advisory. Fix dual-signed domains verification, when one of algorithms is not supported. Tenable has extracted the preceding description block directly from the Fedora...

CVSS 7.5 | AI score 6.3 | EPSS 0.1096
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/08 10:57 p.m. | 2 views

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. Mitigation: Mitigation for this issue is either not available or the...

CVSS 7.5 | AI score 8.2 | EPSS 0.00366
Exploits: 0 | References: 8
RedhatCVE
added 2025/11/08 10:57 p.m. | 5 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. Mitigation: Mitigation for this issue is either not available or the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00344
Exploits: 0 | References: 8
Packet Storm News
added 2025/11/06 12:0 a.m. | 3 views

Black-Box Guardrail Reverse-Engineering Attack

Large language models (LLMs) increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...

AI score 7.3
Exploits: 0
Filippo.io
added 2025/11/01 6:10 p.m. | 9 views

Claude Code Can Debug Low-level Cryptography

Over the past few days I wrote a new Go implementation of ML-DSA, a post-quantum signature algorithm specified by NIST last summer. I livecoded it all over four days, finishing it on Thursday evening. Except… Verify was always rejecting valid signatures. $ bin/go test crypto/internal/fips140/mlds...

AI score 7.2
Exploits: 0
AstraLinux
added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability in HAProxy

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service through specially crafted JSON requests...

CVSS 7.5 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 3
AstraLinux
added 2025/10/31 4:38 p.m. | 3 views

Astra Linux - vulnerability in openssh

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...

CVSS 5.9 | AI score 6.6 | EPSS 0.02057
Exploits: 2 | References: 2
Microsoft CVE
added 2025/10/31 1:8 a.m. | 4 views

Panic when validating certificates with DSA public keys in crypto/x509

...

CVSS 7.5 | AI score 7 | EPSS 0.00344
Exploits: 0
EUVD
added 2025/10/30 12:31 a.m. | 3 views

EUVD-2025-36738

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

CVSS 6.5 | AI score 6.5 | EPSS 0.00366
Exploits: 0 | References: 5
Vulnrichment
added 2025/10/29 10:10 p.m. | 2 views

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

AI score 6.6 | EPSS 0.00344
Exploits: 0 | References: 4
Debian CVE
added 2025/10/29 10:10 p.m. | 3 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

CVSS 7.5 | AI score 8.3 | EPSS 0.00344
Exploits: 0
SUSE CVE
added 2025/10/29 12:24 a.m. | 3 views

SUSE CVE-2025-40063

In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops. In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the crypto_acomp_streams struct was made to rely on having the alloc_ctx and...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154
Exploits: 0 | References: 3
OpenVAS
added 2025/10/29 12:0 a.m. | 5 views

PQC Key Exchange (KEX) Algorithm(s) Supported (SSH)

The remote SSH server is configured to allow / support at least ONE Post-Quantum Cryptography (PQC) key exchange (KEX) algorithm. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

AI score 5.9
Exploits: 0 | References: 7
OpenVAS
added 2025/10/29 12:0 a.m. | 6 views

PQC Key Exchange (KEX) Algorithm(s) Missing (SSH)

The remote SSH server is configured to NOT allow / support at least ONE Post-Quantum Cryptography (PQC) key exchange (KEX) algorithm. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

AI score 5.9
Exploits: 0 | References: 8
CVE
added 2025/10/28 11:48 a.m. | 11 views

CVE-2025-40063

In CVE-2025-40063, the Linux kernel fixed a cryptographic component mismatch: crypto_acomp_streams and scomp_alg relied on alloc_ctx/free_ctx in the same order, but structure layout randomization could desynchronize their definitions. The fix removes a union from scomp_alg so both structures shar...

AI score 6.1 | EPSS 0.00154
Exploits: 0 | References: 2
Cvelist
added 2025/10/28 11:48 a.m. | 5 views

CVE-2025-40063 crypto: comp - Use same definition of context alloc and free ops

In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops. In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the crypto_acomp_streams struct was made to rely on having the alloc_ctx and...

EPSS 0.00154
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/28 12:0 a.m. | 8 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1254)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1254 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE to read ring provided buffer lengths (CVE-2025-39816). In the Linux kernel, the following...

CVSS 9.8 | AI score 6.8 | EPSS 0.09072
Exploits: 1 | References: 98
Amazon
added 2025/10/27 12:0 a.m. | 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_drv_probe when nsim_dev_resources_register failed (CVE-2022-50500). In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id instead of...

CVSS 7.8 | AI score 6.9 | EPSS 0.00236
Exploits: 2
Tenable Nessus
added 2025/10/27 12:0 a.m. | 2 views

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21640)

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy. As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

CVSS 5.5 | AI score 6.1 | EPSS 0.00224
Exploits: 0 | References: 2
NVD
added 2025/10/24 1:15 p.m. | 5 views

CVE-2025-40022

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx. Commit 1b34cbbf4f01 "crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg" changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to...

EPSS 0.00193
Exploits: 0 | References: 8