Lucene search
+L

557 matches found

SUSE CVE
SUSE CVE
added 2026/01/17 12:25 a.m.4 views

SUSE CVE-2025-71131

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

5.5CVSS6.5AI score0.00114EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004312 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of...

7.8CVSS6.5AI score0.0015EPSS
Exploits0References4
NVD
NVD
added 2026/01/14 3:16 p.m.11 views

CVE-2025-71131

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

5.5CVSS0.00114EPSS
Exploits0References8
CVE
CVE
added 2026/01/14 3:7 p.m.39 views

CVE-2025-71131

The CVE-2025-71131 in the Linux kernel is resolved. The issue was in crypto: seqiv where a request’s iv could be dereferenced after async completion of crypto_aead_encrypt, because the underlying request may be freed. The fix creates a new variable unaligned_info and uses it for the iv check, pre...

5.5CVSS6.2AI score0.00114EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/14 3:7 p.m.6 views

CVE-2025-71131

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

5.2AI score0.00114EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/01/14 3:7 p.m.33 views

CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

0.00114EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/13 7:21 p.m.27 views

CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

8.7CVSS0.00202EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 7:21 p.m.12 views

CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

8.7CVSS6.7AI score0.00202EPSS
Exploits0References4
Snyk
Snyk
added 2026/01/13 2:51 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in SecurityIO.groovy. An attacker...

8.7CVSS6.8AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 2:51 p.m.6 views

GHSA-CRXP-CHH4-9GHP Jervis has Deterministic AES IV Derivation from Passphrase

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL866-L874...

8.7CVSS6.8AI score0.00202EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Jervis 安全漏洞

Jervis is an automation tool from the individual developer Sam Gleske. A security vulnerability exists in versions prior to Jervis 2.2 that stems from the deterministic derivation of AES IV from passwords, which could lead to cryptographic vulnerabilities...

8.7CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.10 views

PT-2026-2494

CVE-2025-68701 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. Thi… https://t.co/yRJFluABgT...

8.7CVSS6.9AI score0.00202EPSS
Exploits0References4
OSV
OSV
added 2026/01/05 12:0 a.m.3 views

UBUNTU-CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

5.5CVSS5.8AI score0.0007EPSS
Exploits1References5
CVE
CVE
added 2026/01/02 7:5 p.m.36 views

CVE-2026-21444

CVE-2026-21444 affects libtpms when integrated with OpenSSL 3.x, with vulnerable versions 0.10.0 and 0.10.1. The issue is that the library returns the initial IV instead of the last IV for certain symmetric ciphers, weakening confidentiality. Affected deployments using OpenSSL 3.x are at risk of ...

5.5CVSS6.5AI score0.0007EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/02 7:5 p.m.5 views

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

5.5CVSS6.5AI score0.0007EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992922 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen inste...

5.5CVSS6.2AI score0.00254EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992414)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992414 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of...

7.8CVSS6.5AI score0.0015EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992652 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen inste...

5.5CVSS6.2AI score0.00254EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.5 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS6.7AI score0.00167EPSS
Exploits1References1
NVD
NVD
added 2025/11/24 5:16 p.m.7 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS0.00167EPSS
Exploits1References2
Rows per page
Query Builder