
15 matches found

Positive Technologies
added 2026/03/20 12:0 a.m. | 1 views

PT-2026-26589

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key ("default please change this key") is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated...

CVSS 8.2 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 6
OSSF Malicious Packages
added 2026/03/06 1:2 p.m. | 5 views

Malicious code in python-module-installer (PyPI)

Source: kam193 61bfa181c5afb9e33e0d529138c813fc05d8130062182d9d1a5cb4ef9c8da0ea The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

AI score 5.8
Exploits: 0 | References: 5
RedhatCVE
added 2025/11/25 5:9 p.m. | 4 views

CVE-2025-48507

The security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC...

CVSS 8.6 | AI score 6.6 | EPSS 0.00033
Exploits: 0 | References: 1
EUVD
added 2025/11/23 6:30 p.m. | 1 views

EUVD-2025-198576

The security state of the calling processor into Arm® Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC...

CVSS 8.6 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 2
NVD
added 2025/11/23 5:15 p.m. | 1 views

CVE-2025-48507

The security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC...

CVSS 8.6 | EPSS 0.00033
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/23 5:7 p.m. | 2 views

CVE-2025-48507

The security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC...

CVSS 8.6 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 1
CVE
added 2025/11/23 5:7 p.m. | 7 views

CVE-2025-48507

CVE-2025-48507 concerns the unused security state of the calling processor in Arm Trusted Firmware (TF-A), which could allow a non-secure processor to access secure memories, perform privileged cryptographic operations, and control subsystems within the SOC. Documented exposure stems from AMD-...

CVSS 8.6 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 1
Cvelist
added 2025/11/23 5:7 p.m. | 4 views

CVE-2025-48507

The security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC...

CVSS 8.6 | EPSS 0.00033
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/23 12:0 a.m. | 5 views

PT-2025-47853

Name of the Vulnerable Software and Affected Versions: Arm® Trusted Firmware TF-A (affected versions not specified). Description: The security state of the calling processor when entering Arm® Trusted Firmware TF-A is not properly utilized. This could allow processors operating in a non-secure state t...

CVSS 8.6 | AI score 6.5 | EPSS 0.00033
Exploits: 0 | References: 4
AMD
added 2025/11/11 12:0 a.m. | 9 views

Missing Use of the Secure Flag in Zynq™ UltraScale+™ SoC Trusted Firmware

Summary: A researcher reported that the security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SoC...

CVSS 8.6 | AI score 6.6 | EPSS 0.00033
Exploits: 0
OSV
added 2024/12/27 1:49 p.m. | 13 views

CVE-2024-53185 smb: client: fix NULL ptr deref in crypto_aead_setkey()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey(). Neither SMB3.0 nor SMB3.02 supports encryption negotiate context, so when the SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

CVSS 7.8 | AI score 6.1 | EPSS 0.00007
Exploits: 0 | References: 10
RedHat Linux
added 2024/08/13 10:53 a.m. | 4 views

kernel: tls: handle backlogging of crypto requests

A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on requests to the crypto API, the crypto_aead_encrypt and crypto_aead_decrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...

CVSS 5.5 | AI score 6.8 | EPSS 0.00033
Exploits: 0 | References: 5
Code423n4
added 2021/05/11 12:0 a.m. | 10 views

Missing SafeMath

Handle: adelamo. Vulnerability details: Here more info: ...

AI score 7
Exploits: 0
OSV
added 2017/10/10 8:29 p.m. | 1 views

CVE-2017-11056

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault...

CVSS 7.8 | AI score 6
Exploits: 0 | References: 2
Tenable Nessus
added 2017/02/13 12:0 a.m. | 42 views

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0041)

The remote OracleVM system is missing necessary patches to address critical security updates: - vfs: read file_handle only once in handle_to_path (Sasha Levin) Orabug: 25388709 CVE-2015-1420 - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) Orabug: 25417807 - USB: usbfs: fi...

CVSS 7.5 | AI score 6.8 | EPSS 0.00774
Exploits: 1 | References: 5