CLSA-2026-1780062952 Fix CVE(s): CVE-2026-28389

SECURITY UPDATE: NULL pointer dereference in CMS EnvelopedData processing when a KeyAgreeRecipientInfo message omits the optional parameters field of KeyEncryptionAlgorithmIdentifier. Both dhcmssetsharedinfo and ecdhcmssetsharedinfo dereference alg-parameter without a NULL check, allowing a remot...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend CVE-2025-40252 kernel: crypto: asymmetricke...

CLSA-2026-1777297012 openssl: Fix of 3 CVEs

CVE-2026-28388: fix NULL dereference in checkdeltabase when a Delta CRL lacks the CRL Number extension - CVE-2026-28389: fix NULL dereference in dh/ecdhcmssetsharedinfo when KeyEncryptionAlgorithmIdentifier has no parameters field - CVE-2026-28390: fix NULL dereference in rsacmsdecrypt when the...

IBM Verify Identity Access Container Weak Encryption Algorithm Vulnerability

IBM Verify Identity Access Container is an identity and access management solution for providing secure single sign-on and access control. A weak cryptographic algorithm vulnerability exists in IBM Verify Identity Access Container. The vulnerability stems from the product's use of a...

Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...

ALPINE-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

EUVD-2020-3416

Malware in sbrugna...

EUVD-2014-0927

Malware in sbrugna...

EUVD-2020-17871

Malware in sbrugna...

EUVD-2022-0887

Malicious code in bioql PyPI...

EUVD-2022-52229

Malicious code in bioql PyPI...

Linksys E5600 安全漏洞

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version 1.1.0.26, which originates from the presence of a risky encryption algorithm in the file checkFw.sh in the component Firmware Handler...

IBM Sterling Secure Proxy 安全漏洞

IBM Sterling Secure Proxy is an application agent from International Business Machines IBM used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A security vulnerability exists in IBM Sterling Secure Proxy that stems from the use of a weak encryption algorithm tha...

CVE-2024-33662

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

CVE-2019-19411

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

Security Bulletin: UC Deploy Container images may contain non-unique https certificates and database encryption key. (CVE-2021-39082 )

Summary CVE-2021-39082 The provided UC Deploy Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. Vulnerability Details...