15 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...
SUSE CVE-2026-31543
In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...
EUVD-2026-25436
In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...
CVE-2026-21621 Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access
Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...
PT-2026-23497
Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000727)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000727 advisory. The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may b...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002473)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002473 advisory. The keyctlreadkey function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial o...
Linux Distros Unpatched Vulnerability : CVE-2017-12192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key...
CVE-2025-37782
...
PT-2025-18463
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-out-of-bounds issue has been resolved in the Linux kernel's hfs subsystem. The issue was reported by Syzbot and occurred in the hfs bnode read key function. The problem was caused...
ALPINE-CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the XkbReadKeySyms function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system...
SUSE CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the XkbReadKeySyms function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system...
UBUNTU-CVE-2017-12192
The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service OOPS and system crash via a crafted...
OpenVPN 'read_key()' function buffer overflow vulnerability
OpenVPN is an open source VPN program. A buffer overflow vulnerability exists in the OpenVPN 'readkey' function, which allows remote attackers to exploit the vulnerability by submitting a special request that could crash the application or execute arbitrary code...
CVE-2013-7290
The doitemget function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service segmentation fault via a request to delete a key, which does not account for the lack of a null terminator in the key and...