2273 matches found
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
[SECURITY] Fedora 44 Update: python-cramjam-2.11.0-12.fc44
Thin Python bindings to de/compression algorithms in Rust...
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
CVE-2026-54291
CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...
CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms
PostgreSQL project reports: channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection...
CVE-2026-57997
Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...
PT-2026-53747
Name of the Vulnerable Software and Affected Versions Strapi users-permissions plugin affected versions not specified Description The users-permissions plugin fails to restrict JSON Web Token JWT algorithms when the plugin::users-permissions.jwt.algorithm configuration is not explicitly set. This...
Linux Distros Unpatched Vulnerability : CVE-2026-53038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - imafs: Correctly create securityfs files for unsupported hash algos imatpmchip-allocatedbanksi.cryptoid is initialized to HASHALGOLAST if the TPM algorithm is n...
EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...
CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
UBUNTU-CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
EUVD-2026-39837
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
CVE-2026-53302
The CVE-2026-53302 issue is in the Linux kernel cryptographic module (EIP93 hardware accelerator). The root cause is in eip93_hmac_setkey(): it allocates a temporary ahash transform for HMAC key material using a driver name (e.g., sha256-eip93) but masks CRYPTO_ALG_ASYNC, which excludes async alg...
CVE-2026-53038
A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. When handling unsupported Trusted Platform Module TPM hash algorithms, the imafs component incorrectly accesses a hash algorithm name array, leading to a read out-of-bounds. This vulnerability could allow a...
CVE-2026-6325
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...
DEBIAN-CVE-2026-6325
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...