18 matches found
Astra Linux - vulnerability in thunderbird
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way, Thunderbird repeatedly attempts to process and display the message. This could cause Thunderbird’s user interface to lock up and no longer respond to the user’s actions. An attacker could send a crafted message with this...
CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
CVE-2026-29131 PGP Decryption Recipient LDAP Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
CVE-2025-15467
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
CVE-2025-14760
Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...
Amazon AWS SDK for PHP Security Vulnerability
Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...
AWS SDK for Ruby Security Vulnerability
AWS SDK for Ruby is an open source developer toolkit for Ruby from Amazon Web Services. A security vulnerability exists in AWS SDK for Ruby that stems from a lack of cryptographic key commitment, which could cause a user with write access to an S3 storage bucket to introduce a new EDK that decrypts...
Amazon S3 Encryption Client for .NET Security Vulnerability
Amazon S3 Encryption Client for .NET is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client for .NET that stems from a lack of encryption key commitment, which could cause a user with write access to an S3 storage buck...
SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2025:4200-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4200-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150600.10.34 fixes various security issues. The following security issues were fixed: -...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2021-43396)
DISPUTED: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2023-28531)
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2020-36226)
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EUVD-2013-5025
Malware in sbrugna...
EUVD-2024-40256
Malicious code in bioql PyPI...
CVE-2023-2747
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...
SUSE CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data...
PT-2022-11531 · Siemens · Ruggedcom M2100 +49
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 versions 4.X through 5.X, RUGGEDCOM RP110, RUGGEDCOM...
PT-2021-20531 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: libtpms versions prior to 0.8.2. Description: A flaw in libtpms, specifically in its integration with OpenSSL, relates to the handling of the initialization vector (IV) when using certain symmetric ciphers. The issue causes the return of the...