CVE-2025-64429

A vulnerability was found in DuckDB’s database encryption design. In certain situations, DuckDB could generate encryption keys using a weak random number generator, fail to reliably wipe keys from memory, accept manipulated database headers that disable integrity protection, or miss detecting...

Updated mbedtls packages fix security vulnerabilities

This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...

CVE-2020-11684

AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage such as the bootloader...

[SECURITY] [DSA 3190-1] putty security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3190-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 15, 2015 http://www.debian.org/security/faq -...

DSA-3190-1 putty - security update

Bulletin has no description...