PT-2026-44758

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

PT-2026-44829

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of freed requested memory after an asynchronous cryptographic operation, which could result in inval...

EUVD-2024-3394

Malicious code in bioql PyPI...

BIT-NODE-MIN-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

IBM Semeru Runtime 安全漏洞

IBM Semeru Runtime is an open source Java runtime environment provided by IBM , based on the Eclipse Adoptium project , support for a variety of operating systems and architectures , to provide high-performance and high-reliability running platform for Java applications . A denial of service...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

CVE-2024-11862

CVE-2024-11862 affects Devolutions.XTS.NET (versions 2024.11.19 and earlier). The issue is a non-constant-time cryptographic operation in the Galois Field multiplications used by XTS mode, which can enable timing attacks that render half of the encryption key obsolete and downgrade security towar...

SuperAGI Security Vulnerability

SuperAGI is an open source infrastructure application from SuperAGI Open Source. for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version v0.0.13, which stems from a cryptographic operation using a hard-coded key that...

CVE-2021-32032

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation in the event of a failure can prevent the abort operation in the associated cryptographic library from freeing internal resources, causing a memory leak...

Memory corruption

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation in the event of a failure can prevent the abort operation in the associated cryptographic library from freeing internal resources, causing a memory leak...

CVE-2021-32032

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation in the event of a failure can prevent the abort operation in the associated cryptographic library from freeing internal resources, causing a memory leak...

CVE-2021-32032

Trusted Firmware-M (TF-M) up to version 1.3.0 is affected by CVE-2021-32032. The issue arises when cleaning up memory for a multi-part cryptographic operation after a failure: the abort() path in the cryptographic library may fail to free internal resources, causing a memory leak. The CVE entry n...

oBike Electronic Lock Bypass

CVE-2018-16242 - oBike Electronic Lock Bypass Product: oBike bicycle-sharing service Vendor: oBike Inc. CVE ID: CVE-2018-16242 Subject: Access control bypass by replay attack on predictable nonce Effect: Unauthorized unlocking of bikes, cirumventing the ride-fees Author: Antoine Neuenschwander...

MGASA-2018-0292 Updated gnupg gnupg2 packages fix a security vulnerability

Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that wou...

USN-3675-2: GnuPG 2 vulnerability

USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GnuPG vulnerabilities (USN-3675-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3675-1 advisory. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when...

Mozilla Network Security Services library memory leak

256 bytes are leaked on every RSA cryptographic operation...