Lucene search

16 matches found

OSV | added 2025/08/06 8:15 p.m. | 2 views

DEBIAN-CVE-2025-45766

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...

CVSS 7 | AI score 5.2 | EPSS 0.00079
Exploits 0 | References 1

OSV | added 2025/08/06 8:15 p.m. | 0 views

UBUNTU-CVE-2025-45766

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...

CVSS 7 | AI score 5.7 | EPSS 0.00079
Exploits 0 | References 6

Snyk | added 2025/07/31 8:42 p.m. | 2 views

Inadequate Encryption Strength

Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature (JWS) implementation not meeting recommended security standards. Remediation: Upgrade firebase/php-jwt to version 7.0.0 or higher. References...

CVSS 6.5 | AI score 6.5 | EPSS 0.00049
Exploits 0 | References 2

OSV | added 2025/07/31 8:15 p.m. | 2 views

UBUNTU-CVE-2025-45770

jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant ...

CVSS 7 | AI score 5.7 | EPSS 0.00079
Exploits 0 | References 6

CNNVD | added 2025/05/01 12:00 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper validation of nested key lengths in openvswitch...

CVSS 7.8 | AI score 6.5 | EPSS 0.00067
Exploits 0 | References 8

CNNVD | added 2024/06/17 12:00 a.m. | 2 views

oqsprovider Security Vulnerabilities

oqsprovider is a library from the Open Quantum Safe personal developer. A security vulnerability exists in oqsprovider 0.6.0 and earlier versions, which stems from a flaw in oqs-provider's handling of the length of serialized mixed-key and signature-beginning decodings, where incorrectly-formatte...

CVSS 8.2 | AI score 6.5 | EPSS 0.00135
Exploits 0 | References 4

OSV | added 2023/10/25 6:17 p.m. | 38 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVSS 7.5 | AI score 6.7
Exploits 0 | References 9

Ubuntu | added 2023/05/09 9:51 p.m. | 84 views

USN-6063-1: Ceph vulnerabilities

Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-3979 It was discovered that Ceph incorrectly handled the volumes...

CVSS 9.1 | AI score 6.8 | EPSS 0.00307
Exploits 1

CNNVD | added 2021/02/01 12:00 a.m. | 3 views

Qualcomm Wlan Firmware Input Validation Error Vulnerability

Qualcomm Wlan Firmware is a Wlan support firmware from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Wlan Firmware that stems from a failure to verify key lengths prior to use, which may result in memory corruption...

CVSS 8.8 | AI score 7.3 | EPSS 0.00074
Exploits 0 | References 3

GithubExploit | added 2020/06/02 10:55 a.m. | 423 views

Exploit for Improper Verification of Cryptographic Signature in Golang Package_Ssh

Exploit for CVE-2020-9283 This project is inspired by the o...

CVSS 7.5 | AI score 7.6 | EPSS 0.18682
Exploits 6

RedHat Linux | added 2018/11/05 2:57 p.m. | 1 views

glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory

A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value...

CVSS 7.5 | AI score 7.3 | EPSS 0.04332
Exploits 0 | References 4

Schneier on Security | added 2018/09/14 11:15 a.m. | 18 views

Quantum Computing and Cryptography

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to...

AI score 6.8
Exploits 0

CNVD | added 2018/09/06 12:00 a.m. | 2 views

Red Hat glusterfs server deserialization vulnerability

Red Hat glusterfs server is an open source distributed file system from Red Hat. The system is mainly for media streaming, data analysis and other data and bandwidth intensive tasks to create large-scale distributed storage solutions. A deserialization vulnerability exists in the...

CVSS 7.5 | AI score 7.4 | EPSS 0.04332
Exploits 0 | References 1

OSV | added 2018/09/04 2:29 p.m. | 1 views

DEBIAN-CVE-2018-10911

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value...

CVSS 7.5 | AI score 6.4 | EPSS 0.04332
Exploits 0 | References 1

RedHat Linux | added 2015/03/23 11:04 p.m. | 2 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

CVSS 5.9 | AI score 6.8 | EPSS 0.04963
Exploits 2 | References 5

ThreatPost | added 2012/09/19 4:49 p.m. | 8 views

SSL Digital Certificate Security Issues Put CAs on Notice

It’s been a rough couple of years for the security of fundamental Internet infrastructure technologies such as the domain name system (DNS), SSL and digital certificates. Hackers are taking aim at these core technologies at the heart of ecommerce and online communication, and are more often than not,...

AI score 0.1
Exploits 0 | References 4