kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

EUVD-2026-1875

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

[SECURITY] Fedora 43 Update: libsodium-1.0.21-2.fc43

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...

RustCrypto: Elliptic Curves 输入验证错误漏洞

RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. An input validation error vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from a failure to check for invalid elliptic curve points in the decryption path...

PT-2026-2249

Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The RustCrypto Elliptic Curves library provides general purpose Elliptic Curve Cryptography ECC support. A denial-of-service issue exists in the SM2 PKE decryption path where an...

SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary A critical vulnerability exists in the SM2 Public Key Encryption PKE implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

CVE-2021-27392

A vulnerability has been identified in Siveillance Video Open Network Bridge 2020 R3, Siveillance Video Open Network Bridge 2020 R2, Siveillance Video Open Network Bridge 2020 R1, Siveillance Video Open Network Bridge 2019 R3, Siveillance Video Open Network Bridge 2019 R2, Siveillance Video Open...

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

CVE-2019-18256

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit...

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...

CVE-2024-39846

NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...