
12 matches found

RedhatCVE
added 2025/10/23 8:10 p.m., 3 views

CVE-2025-62705

A flaw was found in OpenBao. The audit log does not properly redact sensitive fields when relevant subsystems return byte response parameters instead of strings. This includes, but is not limited to, sys/raw with use of encoding=base64, causing all data to be emitted unredacted to the audit log,...

CVSS 5.7, AI score 6.3, EPSS 0.00274
Exploits: 0, References: 2

Github Security Blog
added 2025/10/22 7:55 p.m., 7 views

OpenBao and Vault Leak []byte Fields in Audit Logs

Impact: OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to:
- sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log.
- Transit, when performing...

CVSS 5.7, AI score 6.7, EPSS 0.00274
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/10/22 7:55 p.m., 2 views

GHSA-RC54-2G2C-G36G OpenBao and Vault Leak []byte Fields in Audit Logs

Impact: OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to:
- sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log.
- Transit, when performing...

CVSS 5.7, AI score 6.7, EPSS 0.00274
Exploits: 0, References: 4

Positive Technologies
added 2025/10/22 12:0 a.m., 1 view

PT-2025-43411

Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.4.2. Description: The audit log in OpenBao did not properly redact sensitive fields when subsystems sent byte arrays instead of strings as response parameters. This affected functionalities such as sys/raw with base64...

CVSS 5.7, AI score 6.5, EPSS 0.00274
Exploits: 0, References: 12

RustSec
added 2024/07/17 12:0 p.m., 4 views

Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

CVSS 2.9, AI score 6.8, EPSS 0.00201
Exploits: 0, Affected Software: 1

Github Security Blog
added 2024/02/26 8:10 p.m., 20 views

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys

Problem: User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution: Usin...

AI score 7
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2021/08/15 6:9 a.m., 37 views

CVE-2020-9283

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server...

CVSS 7.5, AI score 3, EPSS 0.20891
Exploits: 6, References: 4

NCSC
added 2020/08/13 12:0 a.m., 2 views

Vulnerability fixed in Red Hat OpenShift Container Platform

A vulnerability has been fixed in Red Hat OpenShift Container Platform. The vulnerability allows a malicious party to cause a Denial-of-Service by offering specially prepared ed25519 SSH keys. Red Hat has made updates available for Red Hat OpenShift Container Platform. You can install these...

CVSS 7.5, AI score 6.7, EPSS 0.20891
Exploits: 6

RedHat Linux
added 2020/08/06 8:19 p.m., 3 views

golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server...

CVSS 7.5, AI score 7.2, EPSS 0.20891
Exploits: 6, References: 5

RedHat Linux
added 2020/08/05 10:14 a.m., 3 views

golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server...

CVSS 7.5, AI score 7.2, EPSS 0.20891
Exploits: 6, References: 5

RedHat Linux
added 2020/07/28 12:48 p.m., 60 views

Low: Red Hat Security Advisory: OpenShift Container Platform 4.4.14 ose-cluster-machine-approver-container security update

An update for ose-cluster-machine-approver-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5, AI score 7.2, EPSS 0.20891
Exploits: 6, References: 2

Oracle linux
added 2015/03/09 12:0 a.m., 89 views

openssh security, bug fix and enhancement update

6.6.1p1-11 + 0.9.3-9
- fix direction in CRYPTOSESSION audit message 1171248

6.6.1p1-10 + 0.9.3-9
- add new option GSSAPIEnablek5users and disable using /.k5users by default CVE-2014-9278 1169843

6.6.1p1-9 + 0.9.3-9
- log via monitor in chroots without /dev/log 1083482

6.6.1p1-8 + 0.9.3-9
- increa...

CVSS 5.8, AI score 0.8, EPSS 0.01979
Exploits: 1