5444 matches found
[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Go Cryptography vulnerabilities (USN-8519-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8519-1 advisory. Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. A...
ROOT-APP-PYPI-CVE-2026-39892 CVE-2026-39892 in rootio-cryptography - Patched by Root
Root has patched CVE-2026-39892 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-537C-GMF6-5CCF GHSA-537c-gmf6-5ccf in rootio-cryptography - Patched by Root
Root has patched GHSA-537c-gmf6-5ccf in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
USN-8519-1: Go Cryptography vulnerabilities
Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. An attacker could use this to cause a denial of service. CVE-2025-47913 Yuichi Watanabe discovered that Go Cryptography incorrectly handled SSH key exchanges. An attacker could use this to caus...
ROOT-APP-PYPI-CVE-2026-26007 CVE-2026-26007 in rootio-cryptography - Patched by Root
Root has patched CVE-2026-26007 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34073 CVE-2026-34073 in rootio-cryptography - Patched by Root
Root has patched CVE-2026-34073 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...
ROOT-APP-PYPI-CVE-2024-12797 CVE-2024-12797 in rootio-cryptography - Patched by Root
Root has patched CVE-2024-12797 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
ROOT-APP-PYPI-CVE-2023-50782 CVE-2023-50782 in rootio-cryptography - Patched by Root
Root has patched CVE-2023-50782 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-49083 CVE-2023-49083 in rootio-cryptography - Patched by Root
Root has patched CVE-2023-49083 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-0286 CVE-2023-0286 in rootio-cryptography - Patched by Root
Root has patched CVE-2023-0286 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
CVE-2026-46354
Summary: A PKCS#7 signature bypass in Coder (Coder v2 before patches) allows unauthenticated token theft via Azure instance identity. The issue stems from azureidentity.Validate() validating only the signer certificate chain, not the signature itself, enabling forged PKCS#7 envelopes containing a...
Security Bulletin: QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar App SDK has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION:...
CVE-2026-14969
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2026-43867
The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...
PT-2026-56040
Name of the Vulnerable Software and Affected Versions Minosoft affected versions supporting Minecraft protocol 1.7 and later Description The CryptManager encryption routine in CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret key instead ...