163 matches found
PT-2025-37526
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the cfg80211 subsystem related to the wext interface. Key data in wext.connect is not reset during connection attempts, potentially leading to a...
s390/pkey: Wipe copies of clear-key structures on failure
...
Linux Distros Unpatched Vulnerability : CVE-2023-50981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated...
libxslt Key Data Storage Use-After-Free
libxslt suffers from a use-after-free vulnerability with key data stored cross-RVT...
NewStart CGSL MAIN 7.02 : cryptopp Multiple Vulnerabilities (NS-SA-2025-0115)
The remote NewStart CGSL host, running version MAIN 7.02, has cryptopp packages installed that are affected by multiple vulnerabilities: - ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associate...
CVE-2024-49847
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE...
CVE-2024-49847
CVE-2024-49847 describes a transient DoS affecting Qualcomm chipsets during processing of OTA registration messages, caused by incorrect ciphering key data IE. The vulnerability is tied to the OTA handling flow in the chipset/firmware (Qualcomm components). The CVSSv3.1 base is 7.5 (High) with ne...
CVE-2024-49847 Buffer Over-read in Multi-Mode Call Processor
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from the use of an incorrect encryption key data IE when processing registration to receive OTAs, which could result in a temporary denial of service...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2024-38404
CVE-2024-38404 describes a transient DoS in Qualcomm modem components triggered when a registration-accept OTA contains incorrect ciphering key data. The issue is documented across multiple feeds (NVD/NCSC/Red Hat summaries) with the same description. Connected sources indicate impact on Qualcomm...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a denial of service when the modem receives a registration acceptance OTA with an incorrect encryption key data IE...
CVE-2024-20495
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an...
CVE-2024-20495
The CVE-2024-20495 issue affects Cisco ASA and Cisco FTD’s Remote Access VPN feature. The root cause is improper validation of client key data after the TLS session is established, enabling an unauthenticated, remote attacker to force the device to reload and trigger a DoS. Public documents from ...
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance Security Vulnerability
Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. It is used to protect...
CVE-2024-23358 Buffer Over-read in Multi Mode Call Processor
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem...
CVE-2024-23358
CVE-2024-23358 affects Qualcomm closed-source modem components. The root cause is reported as incorrect ciphering key data during OTA registration, triggering a transient Denial of Service. The available documents do not specify affected firmware versions, exact product names, or a remediation/pa...
GHSA-6H53-Q94J-348W RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
AZL-47403 CVE-2024-42156 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key...