61 matches found
gnutls: gnutls: Information disclosure via heap overread in RSA key exchange
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...
PT-2026-51111
Name of the Vulnerable Software and Affected Versions OpenBao versions 2.5.2 through 2.5.4 Description An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...
kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...
gnutls: gnutls: Information disclosure via heap overread in RSA key exchange
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...
kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...
CVE-2026-4387
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS libgnutls has a security vulnerability that stems from the transmission of extremely short pre-master keys during RSA key exchanges. This...
CVE-2026-39829
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: KEYS: prevented NULL pointer dereference in findasymmetrickey. In findasymmetrickey, if all NULL values are passed as arguments to id0,1,2, the kernel will first emit a WARN message, but then there will be an oops because id2 wil...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys – prevented overflow in asymmetrickeygenerateid. Use checkaddoverflow to prevent potential integer overflows when adding the lengths of binary blobs and the size of an asymmetrickeyid structure. Return...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont a...
AlmaLinux 8 : kernel (ALSA-2026:13577)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13577 advisory. kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend...
Malicious Package
Overview asymmetric-key-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47743)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47743 advisory. - In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference i...
EUVD-2024-54386
Malicious code in bioql PyPI...
EUVD-2022-7650
Malicious code in bioql PyPI...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2024-43065
Cryptographic issues while generating an asymmetric key pair for RKP use cases...
CVE-2024-43065
Cryptographic issues while generating an asymmetric key pair for RKP use cases...