2857 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002633)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002633 advisory. The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-base...
MiracleLinux 3 : openssl-0.9.8e-12.AXS3.7 (AXSA:2010-510:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-510:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001667)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001667 advisory. A flaw was found in the subsequent get_user_pages_fast in the Linux kernel's interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher...
MiracleLinux 3 : openssh-4.3p2-29.2AXS3 (AXSA:2009-395:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-395:02 advisory. SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure...
MiracleLinux 4 : openldap-2.4.23-26.AXS4.2 (AXSA:2012-882:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-882:03 advisory. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing...
MiracleLinux 4 : openssl-1.0.0-20.AXS4.5 (AXSA:2012-576:06)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-576:06 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...
EUVD-2026-2022
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
CVE-2025-68931
Jervis (net.gleske:jervis) before version 2.2 uses AES/CBC/PKCS5Padding without authentication, making it susceptible to padding oracle attacks and ciphertext manipulation. The issue is fixed in Jervis 2.2 by migrating to AES/GCM/NoPadding. Affected products: Jervis library for Job DSL plugin scr...
GHSA-GXP5-MV27-VJCJ Jervis's AES CBC Mode is Without Authentication
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L682-L684...
Jervis's AES CBC Mode is Without Authentication
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L682-L684...
Astra Linux - vulnerability in openssl
Issue summary: If an application using the SSL_CIPHER_find function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...
Astra Linux - vulnerability in libssh
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...
Jervis cryptographic issue vulnerability
Jervis is an automation tool from the individual developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padding oracle attacks and ciphertext manipulati...
libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...
CVE-2023-4333
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server...
CVE-2022-23942
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...
CVE-2022-27581
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version...