
2861 matches found

Debian
added 2025/08/26 6:30 p.m. · 7 views

[SECURITY] [DSA 5986-1] node-cipher-base security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5986-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 26, 2025 https://www.debian.org/security/faq -...

CVSS 9.1 · AI score 6.9 · EPSS 0.00142
Exploits: 1
OSV
added 2025/08/26 12:00 a.m. · 2 views

DSA-5986-1 node-cipher-base - security update

Bulletin has no description...

CVSS 9.1 · AI score 7.2 · EPSS 0.00142
Exploits: 1
Tenable Nessus
added 2025/08/26 12:00 a.m. · 3 views

Debian dsa-5986 : node-cipher-base - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-5986 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5986-1 [email protected] https://www.debian.org/security/...

CVSS 9.1 · AI score 5.5 · EPSS 0.00142
Exploits: 1 · References: 5
Tenable Nessus
added 2025/08/25 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-3225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's u...

CVSS 4.6 · AI score 5.3 · EPSS 0.0005
Exploits: 0 · References: 2
Packet Storm News
added 2025/08/25 12:00 a.m. · 1 view

An 8- and 12-Bit Block AES Cipher

Because it is so unusual, or hard to find, or expository, a truly tiny 8- or 12-bit block AES Rijndael cipher is documented here, along with Java source code...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2025/08/24 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2013-7469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct...

CVSS 7.5 · AI score 7.1 · EPSS 0.00191
Exploits: 0 · References: 2
Github Security Blog
added 2025/08/22 12:30 p.m. · 5 views

Bouncy Castle for Java has Out-of-Bounds Write Vulnerability

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All API modules. This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0...

AI score 7.2 · EPSS 0.00045
Exploits: 0 · References: 3 · Affected Software: 1
Snyk
added 2025/08/22 10:42 a.m. · 3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the JCE Cipher.doFinal function in org/bouncycastle/jcajce/provider/BaseCipher when the same byte array is used for both input and output during native encrypt or decrypt operations. An attacker can cause data...

CVSS 1.7 · AI score 7.1 · EPSS 0.00045
Exploits: 0 · References: 2
Snyk
added 2025/08/22 10:42 a.m. · 1 view

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the JCE Cipher.doFinal function in org/bouncycastle/jcajce/provider/BaseCipher when the same byte array is used for both input and output during native encrypt or decrypt operations. An attacker can cause data...

CVSS 1.7 · AI score 7.1 · EPSS 0.00045
Exploits: 0 · References: 2
Cvelist
added 2025/08/22 9:39 a.m. · 8 views

CVE-2025-9340 native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All API modules. This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0...

EPSS 0.00045
Exploits: 0 · References: 1
CVE
added 2025/08/22 9:39 a.m. · 19 views

CVE-2025-9340

CVE-2025-9340 is an Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java—BC-FJA 2.1.0 (API modules), affecting the file org/bouncycastle/jcajce/provider/BaseCipher. IBM security bulletins confirm this issue alongside CVE-2025-9341 and tie the impact to BC-F...

AI score 6.6 · EPSS 0.00045
Exploits: 0 · References: 1
Github Security Blog
added 2025/08/22 9:30 a.m. · 7 views

Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java. This issue affects Bouncy...

CVSS 5.9 · AI score 7.2 · EPSS 0.00037
Exploits: 0 · References: 3 · Affected Software: 2
NVD
added 2025/08/22 9:15 a.m. · 13 views

CVE-2025-9341

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

CVSS 5.9 · EPSS 0.00037
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/22 9:09 a.m. · 4 views

CVE-2025-9341 Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

CVSS 5.9 · AI score 6.2 · EPSS 0.00037
Exploits: 0 · References: 1
Cvelist
added 2025/08/22 9:09 a.m. · 14 views

CVE-2025-9341 Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

CVSS 5.9 · EPSS 0.00037
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/22 12:00 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-5987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected...

CVSS 8.1 · AI score 7.3 · EPSS 0.01231
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/22 12:00 a.m. · 7 views

PT-2025-34333 · Unknown · Bouncy Castle For Java

Name of the Vulnerable Software and Affected Versions: Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.0 Description: An uncontrolled resource consumption issue exists in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips, affecting all API modules. This issue allows for...

CVSS 5.9 · AI score 6 · EPSS 0.00037
Exploits: 0 · References: 7
SUSE CVE
added 2025/08/21 11:23 p.m. · 1 view

SUSE CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation. This issue affects cipher-base: through 1.0.4...

CVSS 9 · AI score 7 · EPSS 0.00142
Exploits: 1 · References: 3
Github Security Blog
added 2025/08/21 2:47 p.m. · 6 views

cipher-base is missing type checks, leading to hash rewind and passing on crafted data

Summary This affects e.g. create-hash and crypto-browserify, so I'll describe the issue against that package Also affects create-hmac and other packages Node.js createHash works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm create-hash polyfill ...

CVSS 9.1 · AI score 6.2 · EPSS 0.00142
Exploits: 1 · References: 6 · Affected Software: 1
RedhatCVE
added 2025/08/21 1:24 p.m. · 3 views

CVE-2025-9287

An improper input validation vulnerability was found in the cipher-base npm package. Missing input type checks in the polyfill of the Node.js createHash function result in invalid value calculations, hanging and rewinding the hash state, including turning a tagged hash into an untagged hash, for...

CVSS 9.1 · AI score 7.1 · EPSS 0.00142
Exploits: 1 · References: 5