Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for various reasons: - Inconsistency: obtaining information from th...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21640)
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
...
DEBIAN-CVE-2025-21640
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
UBUNTU-CVE-2025-21640
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
CVE-2025-21640
Summary (CVE-2025-21640) : In the Linux kernel, the sctp: sysctl: cookie_hmac_alg path was fixed to avoid using current->nsproxy. The root cause involved dereferencing current->nsproxy (which can be NULL, e.g., when the task is exiting), leading to a kernel oops. The patch replaces the ...
CVE-2025-21640
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
SUSE CVE-2007-1327
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm...
SUSE CVE-2017-11424
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
PT-2022-5459 · Microsoft · Windows Kerberos
Name of the Vulnerable Software and Affected Versions: Windows Kerberos versions prior to the update that addresses the RC4-HMAC vulnerability Samba Active Directory DC affected versions not specified Description: The issue is related to the implementation of the Kerberos protocol in Windows...
Key confusion through non-blocklisted public key formats
Impact What kind of vulnerability is it? Who is impacted? Disclosed by Aapo Oksman Senior Security Specialist, Nixu Corporation. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requir...
GHSA-R9JW-MWHQ-WP62 PyJWT vulnerable to key confusion attacks
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
Padding Oracle Attack due to Observable Timing Discrepancy in jose
jose is an npm library providing a number of cryptographic operations. Impact AES_CBC_HMAC_SHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption; if either failed, JWEDecryptionFailed would be thrown. But a possibly...
PYSEC-2017-24
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
openSUSE Security Update : python-PyJWT (openSUSE-2015-620)
python-PyJWT was updated to fix unsafe usage of asymmetric keys in combination with the HMAC algorithm (bsc#935544). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-620. The text...
RedHat Security Advisory RHSA-2009:1428
The remote host is missing updates announced in advisory RHSA-2009:1428. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using...
Moderate: Red Hat Security Advisory: xmlsec1 security update
Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the...
Design/Logic Flaw
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm...