557 matches found
SUSE CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004312 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of...
CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131
The CVE-2025-71131 in the Linux kernel is resolved. The issue was in crypto: seqiv where a request’s iv could be dereferenced after async completion of crypto_aead_encrypt, because the underlying request may be freed. The fix creates a new variable unaligned_info and uses it for the iv check, pre...
CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...
CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...
Use of a Broken or Risky Cryptographic Algorithm
Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in SecurityIO.groovy. An attacker...
GHSA-CRXP-CHH4-9GHP Jervis has Deterministic AES IV Derivation from Passphrase
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL866-L874...
Jervis 安全漏洞
Jervis is an automation tool from the individual developer Sam Gleske. A security vulnerability exists in versions prior to Jervis 2.2 that stems from the deterministic derivation of AES IV from passwords, which could lead to cryptographic vulnerabilities...
PT-2026-2494
CVE-2025-68701 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. Thi… https://t.co/yRJFluABgT...
UBUNTU-CVE-2026-21444
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...
CVE-2026-21444
CVE-2026-21444 affects libtpms when integrated with OpenSSL 3.x, with vulnerable versions 0.10.0 and 0.10.1. The issue is that the library returns the initial IV instead of the last IV for certain symmetric ciphers, weakening confidentiality. Affected deployments using OpenSSL 3.x are at risk of ...
CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992922)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992922 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen inste...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992414)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992414 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992652 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen inste...
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...