CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

SUSE-SU-2026:1775-1 Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.37 fixes one security issue The following security issue was fixed: - CVE-2026-31431: crypto: algifaead - Revert to operating out-of-place bsc1263689...

Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. CVE-2025-39977: futex: Prevent use-after-free during...

Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. CVE-2025-71066: net/sched: ets: Always remove class from active list before...

Important: kernel-livepatch-5.10.251-248.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...

RLSA-2026:2920 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...

Linux Distros Unpatched Vulnerability : CVE-2025-71131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous...

EUVD-2023-25526

Malicious code in bioql PyPI...

EUVD-2023-25283

Malicious code in bioql PyPI...

CVE-2022-50171

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error:...

CVE-2023-21179

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Upgraded Q -> M from 69 [1661781432655]

Judge has assessed an item in Issue 69 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Design/Logic Flaw

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

SAP NetWeaver J2EE Engine 7.40 SQL Injection

!/usr/bin/env python coding=utf-8 """ Author: Vahagn Vardanyan https://twitter.com/vah13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection CVE-2016-2386 vulnerability in SAP...

SAP NetWeaver J2EE Engine 7.40 - SQL Injection Exploit

Exploit for multiple platform in category web applications !/usr/bin/env python coding=utf-8 """ Author: Vahagn Vardanyan https://twitter.com/vah13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon...

SAP NetWeaver J2EE Engine 7.40 - SQL Injection

SAP NetWeaver J2EE Engine 7.40 - SQL Injection !/usr/bin/env python coding=utf-8 """ Author: Vahagn Vardanyan https://twitter.com/vah13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL...

SAP NetWeaver J2EE Engine 7.40 - SQL Injection

!/usr/bin/env python coding=utf-8 """ Author: Vahagn Vardanyan https://twitter.com/vah13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection CVE-2016-2386 vulnerability in SAP...

DEBIAN-CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

Black Hat 2015 Going Dark Cryptography Presentation

LAS VEGAS – Try as they might, technologists are struggling to find a feasible way to solve the government’s and law enforcement’s “Going Dark” crypto issue. Cryptographer Matthew Green and D.C. intellectual property attorney James Denaro today during a talk at the Black Hat conference made no...