Lucene search

1122 matches found

BDU FSTEC
added 2025/06/02 12:0 a.m. | 4 views

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function allows an attacker to disclose sensitive information.

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to disclose protected information through the...

CVSS 3.8 | AI score 6.4 | EPSS 0.00204
Exploits: 0 | References: 7 | Affected Software: 3

OpenVAS
added 2025/05/26 12:0 a.m. | 6 views

Fedora: Security Advisory (FEDORA-2025-0a8c805972)

The remote host is missing an update for the...

CVSS 4 | AI score 7.1 | EPSS 0.00103
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 2:59 a.m. | 3 views

CVE-2023-1491

A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach...

CVSS 5.5 | AI score 7 | EPSS 0.00302
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:0 p.m. | 10 views

CVE-2020-13895

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00709
Exploits: 0

RedhatCVE
added 2025/05/22 3:17 p.m. | 5 views

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

CVSS 7.5 | AI score 7 | EPSS 0.01211
Exploits: 0

RedhatCVE
added 2025/05/22 3:16 p.m. | 7 views

CVE-2020-17478

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm...

CVSS 7.5 | AI score 6.9 | EPSS 0.01135
Exploits: 0

RedhatCVE
added 2025/05/22 9:15 a.m. | 8 views

CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

CVSS 9.8 | AI score 7.1 | EPSS 0.01301
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:41 a.m. | 8 views

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affec...

CVSS 5.3 | AI score 7 | EPSS 0.01022
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:41 a.m. | 7 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

CVSS 7.5 | AI score 6.8 | EPSS 0.00407
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:13 a.m. | 13 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity (crafting user-controlled input to bypass authentication). The fixed...

CVSS 9.8 | AI score 7 | EPSS 0.01103
Exploits: 0 | References: 1

OSV
added 2025/05/20 10:24 a.m. | 9 views

CLSA-2025-1747725447 kernel: Fix of 35 CVEs

ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 - drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' CVE-2024-27042 - dm-crypt: don't modify the data when using authenticated encryption...

CVSS 7.8 | AI score 7.1 | EPSS 0.00293
Exploits: 0 | References: 1

OSV
added 2025/05/19 9:1 p.m. | 4 views

CLSA-2025-1747688514 kernel: Fix of 19 CVEs

block: Fix handling of offline queues in blk_mq_alloc_request_hctx() CVE-2022-49720 - drm: nv04: Fix out of bounds access CVE-2024-27008 - parport: Proper fix for array out-of-bounds access CVE-2024-50074 - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() CVE-2024-57798 - media:...

CVSS 7.8 | AI score 6.8 | EPSS 0.03558
Exploits: 1 | References: 1

Tenable Nessus
added 2025/05/13 12:0 a.m. | 6 views

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-967)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-967 advisory. OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

CVSS 7.5 | AI score 6.5 | EPSS 0.00784
Exploits: 0 | References: 4

SUSE Linux
added 2025/05/07 2:2 p.m. | 2 views

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT() on OpenVPN servers using --tls-crypt-v2 (bsc#1240392). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 6 | AI score 6 | EPSS 0.00784
Exploits: 0 | References: 4

vulnersOsv
added 2025/05/02 9:30 p.m. | 1 views

anti-debugging (=0.0.0), capcom0 (=0.1.1) +9 more potentially affected by CVE-2024-58253 via obfstr (>=0.1.1 <=0.3.0)

obfstr CARGO version =0.1.1, =0.7.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =1.0.3, =0.1.0, =0.6.0, =0.6.0, =0.11.0 Source cves: CVE-2024-58253 Source advisory: OSV:GHSA-V2P5-Q653-9J99...

CVSS 2.9 | AI score 5.8 | EPSS 0.00142
Exploits: 0

OSV
added 2025/05/02 4:15 p.m. | 7 views

DEBIAN-CVE-2023-53051

In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write(). The loop in dmcrypt_write() may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: 3391.153255 C12 watchdog: BUG: soft lockup -...

CVSS 5.5 | AI score 5.4 | EPSS 0.00178
Exploits: 0 | References: 1

NVD
added 2025/05/02 4:15 p.m. | 5 views

CVE-2023-53051

In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write(). The loop in dmcrypt_write() may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: 3391.153255 C12 watchdog: BUG: soft lockup -...

CVSS 5.5 | EPSS 0.00178
Exploits: 0 | References: 8

Cvelist
added 2025/05/02 3:55 p.m. | 15 views

CVE-2023-53051 dm crypt: add cond_resched() to dmcrypt_write()

In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write(). The loop in dmcrypt_write() may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: 3391.153255 C12 watchdog: BUG: soft lockup -...

EPSS 0.00178
Exploits: 0 | References: 8

Tenable Nessus
added 2025/04/17 12:0 a.m. | 9 views

openSUSE 15 Security Update : perl-Data-Entropy (openSUSE-SU-2025:0123-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2025:0123-1 advisory. Updated to 0.8.0 0.008: see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: Use Crypt::URandom to seed the default algorithm...

CVSS 7.7 | AI score 5.6 | EPSS 0.00167
Exploits: 0 | References: 4

BDU FSTEC
added 2025/04/16 12:0 a.m. | 9 views

Vulnerability of the stm32_cryp_irq_thread() function – the driver of the Linux kernel cryptographic accelerator, allowing a hacker to cause a service failure

The vulnerability of the stm32_cryp_irq_thread() function in the Linux kernel cryptographic acceleration driver is related to the multiple locking of critical resources. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00212
Exploits: 0 | References: 11 | Affected Software: 2