ROS-20251215-7306

A vulnerability in the perl-Crypt-OpenSSL-RSA package of Red Hat Enterprise Linux operating systems is related to information disclosure through a mismatch. Exploitation of the vulnerability could allow an attacker acting remotely to implement the Bleichenbacher attack...

EUVD-2025-202846

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled valuelen...

CVE-2025-40295 fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT

In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix left shift underflow when inode-iblkbits PAGESHIFT When simulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, an error trace appears during partition table reading at boot...

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

A new Android malware named Albiriox has been advertised under a malware-as-a-service MaaS model to offer a "full spectrum" of features to facilitate on-device fraud ODF, screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list comprising over 400...

Mageia: Security Advisory (MGASA-2025-0287)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

MGASA-2025-0287 Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989763)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989763 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SBINLINECRYPT flag in defaultoptions In f2fsremount, SBINLINECRYPT flag will b...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a use-after-free in cryptmessage when using asynchronous crypto. The fix for CVE-2024-50047 removes the asynchronous crypto handling from cryptmessage, provided that all crypto operations are synchronous...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined by the maxreadsize and maxwritesize modul...

builder-addon-pca (>=0.0.1 <=0.0.3), configparser-crypt (>=0.6.2 <=1.1.0) +5 more potentially affected by CVE-2025-63675 via cryptidy (=1.2.4)

cryptidy PYPI version =1.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on cryptidy and may be impacted: - builder-addon-pca =0.0.1, =0.6.2, =1.4.0, =0.2.0, =2.2.0rc6, =0.9.0, =0.0.4, =1.0.6 Source cves: CVE-2025-63675 Source advisory:...

Fedora: Security Advisory (FEDORA-2025-ea58b959cd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-HQ76-6GH2-5G4Q Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

EUVD-2025-35831

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essivaeadcrypt so that it's also checked for decryption and in-place encryption...

Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

CVE-2025-2884 is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. CERT/CC created this CVE on their behalf. The documente...

EUVD-2018-6557

Malware in sbrugna...

EUVD-2011-3154

Malware in sbrugna...

EUVD-2013-2138

Malware in sbrugna...

EUVD-2015-5265

Malware in sbrugna...

EUVD-2000-0249

Malware in sbrugna...