41 matches found
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...
CVE-2026-5081
A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache mod_unique_id plugin's UNIQUE_ID environment variable directly as a session ID. The UNIQUE_ID is constructed from easily guessable information, such as the...
CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
Quantum Computers Are Not a Threat to 128-bit Symmetric Keys
The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives, key exchange (ECDH) and digital signatures (RSA, ECDSA, EdDSA), which are vulnerable to Shor's quantum algorithm. It does not, however, impact existi...
CLSA-2026-1773161124 Fix CVE(s): CVE-2021-22876, CVE-2025-15079
SECURITY UPDATE: acceptance of hosts not listed in specified knownhosts file during SSH-based transfers - debian/patches/CVE-2025-15079.patch: Set both knownhosts options to same file and fix surprises caused by libssh exposing separate KNOWNHOSTS and GLOBALKNOWNHOSTS options. - CVE-2025-15079...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the use of SHA1 PCRs when sealing and unsealing the vault key. An attacker can bypass integrity checks and modify configuration files undetected by measured boot and remote attestation by...
Libgcrypt 1.12.0
Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, and Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192), MACs (HMAC for all hash...
SUSE-SU-2026:20356-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715). Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246). - gpg...
CVE-2025-68702 Jervis has a SHA-256 Hex String Padding Bug
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...
libcrux incorrectly calculates on aarch64
On platforms without the core::arch::aarch64::vxarq_u64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...
Malicious code in tensorfi-secure-hash (npm)
Source: amazon-inspector (93a1f3633d2738b3112eae340090cc5ca67f6847ed89ade9de6c8448b591c20b) The package tensorfi-secure-hash was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview tensorfi-secure-hash is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-191554 Malicious code in tensorfi-secure-hash (npm)
Source: amazon-inspector (93a1f3633d2738b3112eae340090cc5ca67f6847ed89ade9de6c8448b591c20b) The package tensorfi-secure-hash was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-200198
Malicious code in tensorfi-secure-hash (npm)...
System Password Security: Attack and Defense Mechanisms
System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute corresponding operations. In recent years, frequent passwor...
UBUNTU-CVE-2022-49627
In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto(). On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree for ima_algo_array to avoid the potential memory leak...
SUSE CVE-2024-55885
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
GHSA-9J3M-FR7Q-JXFW Beego has Collision Hazards of MD5 in Cache Key Filenames
In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm through the generateUserLink function. This could lead to account takeover, which can lead to theft of sensitive data, modification of website content, addition/deletion of administrator...
VulnCheck KEV: CVE-2021-27877
Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...