186 matches found
kernel: crypto: algif_aead - Revert to operating out-of-place
A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...
Astra Linux - vulnerability in opensc
A flaw was discovered in OpenSC packages that could allow for a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, especially for OS...
[SECURITY] Fedora 44 Update: opensc-0.27.1-1.fc44
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so...
Timing Attack
Bouncy Castle is vulnerable to Timing Attack. The vulnerability is due to timing discrepancies in cryptographic operations within the FrodoEngine component, which allows an attacker to infer sensitive information through timing analysis...
[SECURITY] Fedora 42 Update: opensc-0.27.1-1.fc42
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so...
[SECURITY] Fedora 43 Update: opensc-0.27.1-1.fc43
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure in the muldi3 process. An attacker can infer sensitive cryptographic data by measuring execution time variations during cryptographic operations on RISC-V RV32I architectures. Remediation: Upgrade wolfssl to version...
CVE-2025-48507
The security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC...
AMD Zynq UltraScale+ security vulnerability
AMD Zynq UltraScale+ is a multiprocessor system-on-chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Zynq UltraScale+ that originates from the unused security state of the calling processor and could result in a non-secure processor accessing secure memory or cryptograph...
EUVD-2021-18898
Malware in sbrugna...
EUVD-2020-18819
Malware in sbrugna...
EUVD-2019-18839
Malware in sbrugna...
EUVD-2021-0764
Malware in sbrugna...
EUVD-2023-45216
Malicious code in bioql PyPI...
USN-7617-1 libtpms vulnerability
It was discovered that libtpms did not properly manage memory when performing crafted cryptographic operations. An attacker could possibly use this issue to cause a denial of service...
USN-7617-1: libtpms vulnerability
It was discovered that libtpms did not properly manage memory when performing crafted cryptographic operations. An attacker could possibly use this issue to cause a denial of service...
Zynq™ UltraScale+™ SoC Overwriting Protected Memory Regions Through PMU Firmware
AMD ID: AMD-SB-8008. Potential Impact: Loss of confidentiality and integrity. Severity: Medium. Summary: In Zynq™ UltraScale+™ devices, the Platform Management Unit (PMU) Firmware is designed to implement runtime post boot software services that allow a remote processor to command the PMU to execute...
CVE-2025-0036
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime post-boot cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data...
Important: nodejs20
Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...