Lucene search

83892 matches found

Fedora
added 6 days ago | 10 views

[SECURITY] Fedora 43 Update: haveged-1.9.22-1.fc43

A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

7.8 CVSS | 5.8 AI score | 0.00004 EPSS
Exploits: 0

Fedora
added 2026/05/29 1:13 a.m. | 5 views

[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44

A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

7.8 CVSS | 5.8 AI score | 0.00004 EPSS
Exploits: 0

CVE
added 2026/05/28 9:36 a.m. | 11 views

CVE-2026-46156

CVE-2026-46156 concerns a Loongson-specific issue in the Linux kernel where loongson_gpu_fixup_dma_hang() could read from an invalid address due to using base+PCI_DEVICE_ID with a device from pdev->devfn+1. This could lead to ADE on Loongson GPUs embedded via PCIe during DMA Han...

5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2026/05/27 11:52 p.m. | 8 views

CVE-2026-45949

A flaw was found in the Linux kernel's hardware random number generator (hwrng) core. A race condition exists where concurrent or rapid calls to the hwrng_unregister function can lead to a use-after-free vulnerability. This issue allows the system to attempt to access freed memory, potentially causi...

5.5 CVSS | 6 AI score | 0.00023 EPSS
Exploits: 0 | References: 4

The Hacker News
added 2026/05/27 3:44 p.m. | 15 views

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by...

5.9 AI score
Exploits: 0

EUVD
added 2026/05/27 3:33 p.m. | 7 views

EUVD-2026-32233

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work_struct to fix race condition. Currently, hwrng_fill is not cleared until the hwrng_fillfn thread exits. Since hwrng_unregister reads hwrng_fill outside the rng_mutex lock, a concurrent hwrng_unregister may...

5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 5

OSV
added 2026/05/27 3:1 p.m. | 4 views

USN-8325-1 tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

5.9 CVSS | 5.8 AI score | 0.00311 EPSS
Exploits: 0 | References: 2

Ubuntu
added 2026/05/27 3:1 p.m. | 10 views

USN-8325-1: tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

5.9 CVSS | 5.8 AI score | 0.00311 EPSS
Exploits: 0

OSV
added 2026/05/27 2:17 p.m. | 3 views

UBUNTU-CVE-2026-46075

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path. Unregister the hwrng to prevent new ->read() calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...

5.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2026/05/27 2:4 p.m. | 12 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-boot (CVE-2026-40973, CVE-2026-40975, CVE-2026-40977)

Summary: IBM Sterling Control Center is affected by vulnerabilities CVE-2026-40973, CVE-2026-40975, CVE-2026-40977 reported for spring-boot-3.4.11.jar. Vulnerability Details: CVEID: CVE-2026-40973. DESCRIPTION: A local attacker on the same host as the application may be able to take control of the...

7.5 CVSS | 6 AI score | 0.00056 EPSS
Exploits: 0 | Affected Software: 1

EUVD
added 2026/05/27 12:58 p.m. | 5 views

EUVD-2026-32457

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path. Unregister the hwrng to prevent new ->read() calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...

5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/27 12:58 p.m. | 3 views

CVE-2026-46075

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path. Unregister the hwrng to prevent new ->read() calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while...

5.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2026/05/27 12:18 p.m. | 12 views

CVE-2026-45949

The CVE concerns the Linux kernel hwrng subsystem. A race in hwrng_fill/hwrng_fillfn could cause use-after-free when unregistering while a fill thread is pending, or immediately after registration, leading to dead/unsafe cleanup of the hwrng_fill pointer. The fix serializes thread start/stop with...

5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2026/05/27 12:0 a.m. | 9 views

CVE-2026-45949

hwrng: core - use RCU and work_struct to fix race condition...

5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/27 12:0 a.m. | 10 views

PT-2026-43816

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work_struct to fix race condition. Currently, hwrng_fill is not cleared until the hwrng_fillfn thread exits. Since hwrng_unregister reads hwrng_fill outside the rng_mutex lock, a concurrent hwrng_unregist...

5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/26 10:53 p.m. | 7 views

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/05/26 10:53 p.m. | 26 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

0.00036 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/05/26 10:53 p.m. | 9 views

EUVD-2026-32022

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/26 12:0 a.m. | 7 views

PT-2026-43430

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/05/26 12:0 a.m. | 4 views

Crypt::ScryptKDF Security Vulnerability

Crypt::ScryptKDF is a Perl cryptography module developed by MIK’s individual developers. It supports Scrypt-based key derivation and cryptographic hash processing functions. Versions of Crypt::ScryptKDF prior to 0.010 contained security vulnerabilities, which stemmed from the use of insecure rand...

4.8 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2