Lucene search

37 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in php7.3

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...

CVSS 6.5 | AI score 6.8 | EPSS 0.08351
Exploits: 0 | References: 1
OSV
added 2026/04/27 6:33 p.m., 4 views

JLSEC-2026-243 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV)...

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVSS 7.5 | AI score 6.6 | EPSS 0.06469
Exploits: 0 | References: 15
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992922 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len inste...

CVSS 5.5 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 4
Tenable Nessus
added 2025/12/30 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992652 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len inste...

CVSS 5.5 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-3621

Malware in sbrugna...

CVSS 8.4 | AI score 7.6 | EPSS 0.00043
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-16797

Malware in sbrugna...

CVSS 5.3 | AI score 7.3 | EPSS 0.00451
Exploits: 0 | References: 7
OSV
added 2025/02/28 3:32 p.m., 3 views

OESA-2025-1191 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during th...

CVSS 7.5 | AI score 6.8 | EPSS 0.06469
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/10 12:0 a.m., 10 views

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)

The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...

CVSS 7.5 | AI score 6.6 | EPSS 0.06469
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 2:14 p.m., 8 views

CVE-2020-11267

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 8.4 | AI score 7.2 | EPSS 0.00043
Exploits: 0 | References: 1
RedHat Linux
added 2024/08/28 12:34 p.m., 2 views

kernel: crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

CVSS 5.5 | AI score 6.8 | EPSS 0.00011
Exploits: 0 | References: 5
SUSE CVE
added 2024/06/21 3:6 a.m., 2 views

SUSE CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

CVSS 6.1 | AI score 6.5 | EPSS 0.00011
Exploits: 0 | References: 17
OSV
added 2024/06/19 2:15 p.m., 2 views

DEBIAN-CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by...

CVSS 5.5 | AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 1
Tenable Nessus
added 2024/01/25 12:0 a.m., 55 views

RHEL 9 : openssl (RHSA-2024:0500)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0500 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 7.5 | AI score 6.8 | EPSS 0.06469
Exploits: 0 | References: 7
RedHat Linux
added 2024/01/22 1:20 a.m., 41 views

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 6.7 | EPSS 0.06469
Exploits: 0 | References: 3
OSV
added 2024/01/22 12:0 a.m., 42 views

ALSA-2024:0310 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Incorrect cipher key and IV length processing (CVE-2023-5363) For more details about the security...

CVSS 7.5 | AI score 7.7 | EPSS 0.06469
Exploits: 0 | References: 4
OSV
added 2023/11/12 12:44 a.m., 9 views

MGASA-2023-0317 Updated quictls packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

CVSS 7.5 | AI score 7.5 | EPSS 0.06469
Exploits: 0 | References: 2
OpenVAS
added 2023/11/10 12:0 a.m., 40 views

Mageia: Security Advisory (MGASA-2023-0313)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.06469
Exploits: 0 | References: 3
Mageia
added 2023/11/09 12:55 p.m., 57 views

Updated openssl packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

CVSS 7.5 | AI score 7.3 | EPSS 0.06469
Exploits: 0 | References: 1
OSV
added 2023/11/09 12:55 p.m., 12 views

MGASA-2023-0313 Updated openssl packages fix a security vulnerability

The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. CVE-2023-5363...

CVSS 7.5 | AI score 7.5 | EPSS 0.06469
Exploits: 0 | References: 2
Amazon
added 2023/11/03 12:0 a.m., 6 views

Important: openssl

Issue Overview: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of...

CVSS 7.5 | AI score 6.9 | EPSS 0.06469
Exploits: 0