4 matches found
Amazon Linux 2023 : nerdctl (ALAS2023-2025-980)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-980 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
CVE-2025-27498
aes-gcm is a pure Rust implementation of AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...
CVE-2024-0047
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
PT-2024-15320 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A logic error in the code of UserManagerService.java causes device policies to be serialized with an incorrect tag. This can lead to a local denial of service when policies are deserialized...