SUSE SLES15 Security Update : qemu (SUSE-SU-2026:0889-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0889-1 advisory. This update for qemu fixes the following issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. Tenable has...

UBUNTU-CVE-2025-14876

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service DoS on the host system by causing the QEMU process to terminate...

Linux Distros Unpatched Vulnerability : CVE-2026-23060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes...

CVE-2023-21179

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2020-0259

In androidverityctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2024-28980

Dell RecoverPoint for VMs, versions 6.0.x contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...

PT-2023-7530 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to 2023-12-05 security patch Description: The issue is related to the APEX module framework of AOSP, where improperly used crypto could lead to a malicious update of platform components. This could result in local...

SUSE CVE-2018-14619

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each afalgctx was freed instead of when the aeadtfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user bein...

Yubico Security Keys with a Crypto Flaw

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness ...

Weak Algorithm Vulnerability in Multiple Huawei Products

Huawei eSpace U1981 and so on are products of Huawei China. eSpace U1981 is a voice gateway product. VP9660 is a multimedia switching platform. A weak cryptographic algorithm vulnerability exists in multiple Huawei products. Exploiting the vulnerability, an unauthenticated remote attacker needs t...