14 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. Version 5.8.4 of wolfSSL contains a security vulnerability. This vulnerability stems from the constant-time masking logic in...
GO-2026-4622 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes in github.com/OliveTin/OliveTin
OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes in github.com/OliveTin/OliveTin...
CVE-2026-30223 OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...
CVE-2026-30223 OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...
GHSA-G962-2J28-3CG9 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
Summary When JWT authentication is configured using either: - authJwtPubKeyPath local RSA public key, or - authJwtHmacSecret HMAC secret, the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...
OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
Summary When JWT authentication is configured using either: - authJwtPubKeyPath local RSA public key, or - authJwtHmacSecret HMAC secret, the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...
CVE-2025-68664 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries...
WOLFBOX Level 2 EV Charger 安全漏洞
The WOLFBOX Level 2 EV Charger is an electric vehicle charger from WOLFBOX. A security vulnerability exists in the WOLFBOX Level 2 EV Charger that stems from improper handling of the secKey, localKey, stdTimeZone, and devId parameters, which could lead to a heap buffer overflow and remote code...
AZL-62669 CVE-2025-21732 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the mlx5ibderegmr flow, the following sequence of...
CVE-2024-45374
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...
PT-2024-31587 · Gotenna · Gotenna Pro Atak Plugin
Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK plugin affected versions not specified Description: The issue concerns the use of weak passwords for sharing encryption keys via the key broadcast method in the goTenna Pro ATAK plugin. If the broadcasted encryption key is...
DEBIAN-CVE-2021-47076
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCALWRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. leonro@...
kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCALWRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. leonro@...