curl: Incorrect sizeof() in Rustls Backend Memory Allocation

Summary There's a bug in lib/vtls/rustls.c where malloc uses sizeofciphersuites instead of sizeofciphersuites. This allocates memory based on pointer size rather than element size. Steps To Reproduce 1. Look at lib/vtls/rustls.c line 530: c const struct rustlssupportedciphersuite ciphersuites =...

Siemens RUGGEDCOM ROS Devices Improperly Implemented Security Check for Standard (CVE-2021-42017)

A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. This plugin only works...

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2021-22897)

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single static variable in the library, which has the surprising...

UBUNTU-CVE-2025-40182

In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...

kernel: crypto: xts - Handle EBUSY correctly

A flaw use after free in the Linux kernel XTS XOR Encrypt XOR with ciphertext stealing crypto Kernel module was found in the way privileges user triggers XTS crypto API in specific way. A local user could use this flaw to crash the system or potentially escalate their privileges on the system...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from skcipher not setting reqsize correctly, which could lead to memory corruption...

Enhancing Deep Learning-Based Rotational-XOR Attacks on Lightweight Block Ciphers Simon32/64 and Simeck32/64

At CRYPTO 2019, Gohr pioneered neural cryptanalysis by introducing differential-based neural distinguishers to attack Speck32/64, establishing a novel paradigm combining deep learning with differential cryptanalysis.Since then, constructing neural distinguishers has become a significant approach ...

CLSA-2025-1762361016 libssh: Fix of CVE-2025-5987

CVE-2025-5987: fix missing error detection in ChaCha20 initialization that could leave cipher context partially uninitialized...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: crypto: sun8i-ce-cipher – Fixed error handling in sun8icecipherprepare. Fixed two DMA cleanup issues on the error path in sun8icecipherprepare: 1. If dmamapsg fails for areq-dst, the device driver will attempt to free DMA memo...

CVE-2025-58356

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...

Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...

CVE-2025-58356

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to unsafe handling of null keyslot algorithms in the cryptactivatebypassphrase function. An attacker can gain unauthorized access to unencrypted persistent storage by exploiting the...

GHSA-HQ76-6GH2-5G4Q Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

Advisory ROSA-SA-2025-3042

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...

Siemens RUGGEDCOM ROS Devices Use of a Broken or Risky Cryptographic Algorithm (CVE-2025-41223)

The affected devices support the TLSECDHEECDSAWITHAES128CBCSHA256 cipher suite, which uses CBC Cipher Block Chaining mode that is known to be vulnerable to timing attacks. This could allow an attacker to compromise the integrity and confidentiality of encrypted communications. This plugin only...

SUSE-SU-2025:3785-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...

EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2291)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...

EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2259)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : krb5 (SUSE-SU-2025:3699-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3699-1 advisory. - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages tha...