CVE-2025-34192 Vasion Print (formerly PrinterLogic) Usage of Outdated and Unsupported OpenSSL Version

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 macOS/Linux client deployments are built against OpenSSL 1.0.2h-fips released May 2016, which has been end-of-life since 2019 and is no longer supported by the OpenSSL...

EulerOS 2.0 SP13 : nss (EulerOS-SA-2025-1996)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is...

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-ext-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An...

CVE-2025-52473

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels...

PT-2025-29131 · Liboqs · Liboqs

Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.14.0 Description: liboqs is a C-language cryptographic library providing post-quantum cryptography algorithm implementations. Secret-dependent branches were identified in the HQC key encapsulation mechanism referenc...

[SECURITY] Fedora 42 Update: mbedtls-3.6.4-1.fc42

Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible...

CVE-2025-48946

CVE-2025-48946 concerns the liboqs library (C), specifically the HQC algorithm implemented in versions prior to 0.13.0. The root cause is a theoretical design flaw in HQC that can lead to large numbers of malformed ciphertexts sharing the same implicit rejection value. The public descriptions sta...

CVE-2024-22192

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

USN-7278-1: OpenSSL vulnerabilities

George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations. A remote attacker could possibly use this issue to recover private data. CVE-2024-13176 It was discovered that OpenSSL incorrectly handled certain memory operations...

CVE-2024-54137 liboqs has a correctness error in HQC decapsulation

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treat...

CVE-2024-54137

Removed by vendor...

CLSA-2024-1730917239 Update of nss

update to CKBI 2.70 from NSS 3.104 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "OISTE WISeKey Global Root GC CA" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed certificates:...

OESA-2024-2330 botan2 security update

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

[SECURITY] Fedora 41 Update: mbedtls3.6-3.6.2-1.fc41

Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible...

PT-2024-7940

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.6.0 Description The issue is related to a compiler-induced secret-dependent operation in the lib/utils/donna128.h component of the Botan cryptographic library. This can lead to information disclosure through...

ROS-20241001-13

A vulnerability in the Botan C++ cryptographic library is related to asymmetric resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the C++ Botan cryptographic library is related to errors in parsing...

NASA CryptoLib 安全漏洞

NASA CryptoLib is a highly optimized cryptographic library from the National Aeronautics and Space Administration NASA designed to provide software developers with a clean and easy-to-use cryptographic toolset. A security vulnerability exists in NASA CryptoLib version 1.3.0, which stems from the...

USN-7018-1: OpenSSL vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

ROS-20240916-04

A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform is related to the following use of hidden side channels as a result of time discrepancy between decryption of valid and invalid encrypted texts based on the PKCS1 v1.5.5 cryptography...

[SECURITY] Fedora 41 Update: mbedtls-2.28.9-1.fc41

Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible...