IBM多款产品 加密问题漏洞

IBM Verify Identity Access Container is an identity and access management solution for providing secure single sign-on and access control. A weak cryptographic algorithm vulnerability exists in IBM Verify Identity Access Container. The vulnerability stems from the product's use of a...

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

rust-openssl has incorrect bounds assertion in aes key wrap

Summary aes::unwrapkey has an incorrect bounds assertion on the out buffer size, which can lead to out-of-bounds write. Details aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013760 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the leakage of SKBs during asynchronous encryption with espintcp, potentially leading to memory...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013424)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013424 advisory. The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs...

CVE-2026-3505

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.4

Red Hat OpenShift Service Mesh 3.2.4 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.2....

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Overview For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization infrastructure VMware ESXi and core Windows file systems. This cross-platform...

CVE-2025-31981

HCL BigFix Service Management (SM) Discovery is affected by unenforced encryption caused by HTTP port 80 being open. An attacker with network access can sniff unencrypted traffic, potentially exposing data (Confidentiality impact: LOW per CVSS). The provided documents do not specify a remediation...

CVE-2025-31981 HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption

HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant...

I2P 2.12.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013143 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page cou...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013195 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010738 advisory. The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs...

Microsoft ASP.NET Core 数据伪造问题漏洞

Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core has a vulnerability related to data manipulation, caused by...

Fortra GoAnywhere 安全漏洞

Fortra GoAnywhere is a secure file transfer solution provided by the American company Fortra. There were security vulnerabilities in versions of Fortra GoAnywhere MFT 7.10.0 and earlier, as well as in GoAnywhere Agents 2.2.0 and earlier. These vulnerabilities stemmed from the use of static IVs fo...