Security update for opensc

This update for opensc fixes the following issues: CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

SUSE-SU-2025:02754-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386...

Linux Distros Unpatched Vulnerability : CVE-2025-49087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 paddin...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

Linux Distros Unpatched Vulnerability : CVE-2020-13666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal...

PT-2025-32486

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where an authenticated user can cause a denial of service due to insufficient resource...

Linux Distros Unpatched Vulnerability : CVE-2025-26695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

SUSE-SU-2025:20530-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386...

Security update for opensc

This update for opensc fixes the following issues: CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

Medium: perl-Crypt-OpenSSL-RSA

Issue Overview: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial...

SUSE CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

CVE-2025-49087

A flaw was found in mbedtls. A timing vulnerability exists within the PKCS7 padding removal process for block ciphers, allowing a remote attacker to potentially recover plaintext data. This exploitation occurs through the observation of the time it takes to process a crafted ciphertext, resulting...

ALPINE-CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

DEBIAN-CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...