210 matches found
MiracleLinux 8 : cryptsetup-2.3.3-2.el8 (AXSA:2021-1216:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1216:01 advisory. cryptsetup: Out-of-bounds write when validating segments CVE-2020-14382 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : cryptsetup-2.3.3-4.el8.1 (AXSA:2022-3029:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3029:01 advisory. cryptsetup: disable encryption via header rewrite CVE-2021-4122 Tenable has extracted the preceding description block directly from the MiracleLinux security...
SUSE CVE-2025-58356
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...
CVE-2025-58356
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...
GHSA-F5P4-P5Q5-JV3H Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...
Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...
CVE-2025-58356
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to unsafe handling of null keyslot algorithms in the cryptactivatebypassphrase function. An attacker can gain unauthorized access to unencrypted persistent storage by exploiting the...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to unsafe handling of null keyslot algorithms in the cryptactivatebypassphrase function. An attacker can gain unauthorized access to unencrypted persistent storage by exploiting the...
CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...
CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...
CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...
CVE-2025-58356
Constellation uses LUKS2-encrypted volumes for persistent storage in a Confidential Kubernetes setup. The vulnerability arises when opening an encrypted device via crypt_activate_by_passhrase because cryptsetup 2.8.1 mishandles null keyslot algorithms, which can cause a volume to be opened withou...
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...
GHSA-HQ76-6GH2-5G4Q Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...
PT-2025-44025
Name of the Vulnerable Software and Affected Versions Constellation versions prior to 2.24.0 Description Constellation is a Confidential Kubernetes platform that utilizes LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the system employs the crypt activat...
EUVD-2016-5471
Malware in sbrugna...
EUVD-2020-6522
Malware in sbrugna...
EUVD-2021-33997
Malicious code in bioql PyPI...
TencentOS Server 3: cryptsetup (TSSA-2022:0008)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0008 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...