USN-7706-1: Ceph vulnerabilities

It was discovered that Ceph incorrectly handled read-only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 14.04 LTS. CVE-2018-14662 Sergey Bobrov discovered that Ceph’s RadosGW Ceph Object Gateway allowed the injectio...

Linux Distros Unpatched Vulnerability : CVE-2025-2814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for...

Linux Distros Unpatched Vulnerability : CVE-2025-38488

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming...

Linux Distros Unpatched Vulnerability : CVE-2020-28924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with...

SUSE CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

PT-2025-33489 · Firebird · Firebird

Name of the Vulnerable Software and Affected Versions: Firebird versions prior to 4.0.6.3183 Firebird versions prior to 5.0.2.1610 Firebird versions prior to 6.0.0.609 Description: Firebird is a relational database. If the ExtConnPoolSize parameter is not set to 0, a server process segfault may...

MAL-2025-11041 Malicious code in @zalastax/nolb-crypt (npm)

The package @zalastax/nolb-crypt was found to contain malicious code...

Malicious code in test-mlw2-burps-crypt (npm)

The package test-mlw2-burps-crypt was found to contain malicious code...

MAL-2025-35017 Malicious code in test-mlw2-burps-crypt (npm)

The package test-mlw2-burps-crypt was found to contain malicious code...

Malicious code in @zalastax/nolb-crypt (npm)

The package @zalastax/nolb-crypt was found to contain malicious code...

Fedora: Security Advisory (FEDORA-2025-fddaaaf9f0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : perl-Authen-SASL (2025-fddaaaf9f0)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fddaaaf9f0 advisory. 2.1900 Fixed - CVE-2025-40918 Insecure source of randomness, required addition of dependency on Crypt::URandom Changed - Modules Authen::SASL::Perl::CRAMMD5,...

[SECURITY] Fedora 41 Update: perl-Crypt-CBC-3.07-1.fc41

This is Crypt::CBC, a Perl-only implementation of the cryptographic cipher block chaining mode CBC. In combination with a block cipher such as Crypt::DES or Crypt::IDEA, you can encrypt and decrypt messages of arbitrarily long length. The encrypted messages are compatible with the encryption form...

[SECURITY] Fedora 42 Update: perl-Crypt-CBC-3.07-1.fc42

This is Crypt::CBC, a Perl-only implementation of the cryptographic cipher block chaining mode CBC. In combination with a block cipher such as Crypt::DES or Crypt::IDEA, you can encrypt and decrypt messages of arbitrarily long length. The encrypted messages are compatible with the encryption form...

Fedora 42 : perl-Crypt-CBC (2025-f7bc7b789f)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f7bc7b789f advisory. This update, to the current upstream release version, includes a fix to source random numbers using the Crypt::URandom module rather than trying to read...

Fedora: Security Advisory (FEDORA-2025-1d22f55c40)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-f7bc7b789f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2018-14662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk...

Fedora 41 : perl-Crypt-CBC (2025-1d22f55c40)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-1d22f55c40 advisory. This update, to the current upstream release version, includes a fix to source random numbers using the Crypt::URandom module rather than trying to read...