Lucene search
K

5397 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in gnupg1

Libgcrypt before version 1.7.8 is vulnerable to a cache-side-channel attack that can lead to a complete failure of the RSA-1024 algorithm. This attack occurs when the left-to-right method is used for computing the sliding-window expansion. It is believed that the same attack also works on the...

6.8CVSS7AI score0.03885EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qat – A memory leak has been fixed in RSA operations. When a RSA key is represented in Form 2 as defined in PKCS 1 V2.1, some components of the private key persist even after the TFM Transaction Framework is released. To...

5.5CVSS6.2AI score0.00249EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – Fixed unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, resulting in a crash when referencing those fields after the structure is released. Initially...

5.5CVSS5.3AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error:...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in python-cryptography

A flaw was discovered in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which could result in the exposure of confidential or sensitive data...

7.5CVSS7.4AI score0.01118EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with ID 00000000-0000-0000-0000-000000000000 without a journal. Quota mode: none. fscrypt: Uses...

5.5CVSS6.4AI score0.00167EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/18 8:5 p.m.19 views

USN-8447-2: LXD vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in LXD for CVE-2026-39830, CVE-2026-39833, CVE-2026-39834, and CVE-2026-42508. Original advisory details: It was discovered that Go Cryptography did not properly...

9.1CVSS5.8AI score0.005EPSS
Exploits0
OSV
OSV
added 2026/06/18 8:5 p.m.5 views

USN-8447-2 lxd vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in LXD for CVE-2026-39830, CVE-2026-39833, CVE-2026-39834, and CVE-2026-42508. Original advisory details: It was discovered that Go Cryptography did not properly...

9.1CVSS5.8AI score0.005EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.6 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.3AI score0.00621EPSS
Exploits0References8
CVE
CVE
added 2026/06/17 2:19 p.m.16 views

CVE-2026-40641

CVE-2026-40641 affects Dell PowerFlex Manager, version 4.6.0.1. The vulnerability is a Use of a Broken or Risky Cryptographic Algorithm . An unauthenticated attacker with remote access could exploit it to cause information disclosure and information tampering . The CVSS metrics indicate a network...

4.8CVSS5.9AI score0.001EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/17 2:19 p.m.2 views

CVE-2026-40641

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...

4.8CVSS5.9AI score0.001EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 1:43 p.m.5 views

USN-8447-1 golang-go.crypto vulnerabilities

It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker could possibly use this issue to cause a denial of service. CVE-2026-39830 It was discovered that Go Cryptography did not properly verify user presence when using FIDO/U2F security keys...

10CVSS5.7AI score0.005EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 7:4 a.m.4 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities in the cryptography package

Summary IBM Cloud Pak for Data System CPDS 1.0 uses the Python cryptography package, which is affected by multiple security vulnerabilities. CVE-2026-34073 involves improper certificate validation where DNS name constraints are only validated against SANs within child certificates and not the "pe...

9.8CVSS5.5AI score0.00652EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 6:42 a.m.4 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by broken or risky algorithm.

Summary bcprov-jdk18on-1.81.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-14813, CVE-2026-5598. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all cor...

9.9CVSS5.3AI score0.00691EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/16 11:8 p.m.12 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.3AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/06/16 10:30 p.m.13 views

USN-8440-1 linux-azure-6.8 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

9.8CVSS7.6AI score0.96267EPSS
Exploits282References394
EUVD
EUVD
added 2026/06/16 9:32 p.m.9 views

EUVD-2026-37176

In iavbparsekeydata of avbrsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00069EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/16 6:52 a.m.7 views

Weak Cryptography

Spring Web Services is vulnerable to Weak Cryptography. The vulnerability is due to Wss4jSecurityInterceptor defaulting allowRSA15KeyTransportAlgorithm to true, causing inbound WS-Security decryption to accept the weaker RSA PKCS1 v1.5 rsa-15 key transport algorithm instead of Apache WSS4J's safe...

4.8CVSS5.2AI score0.00129EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/16 2:30 a.m.10 views

SUSE CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/06/16 12:0 a.m.13 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL...

8.8CVSS6.8AI score0.02945EPSS
Exploits0References6
Rows per page
Query Builder