49 matches found
CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
UBUNTU-CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
EUVD-2026-39837
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
CVE-2026-53302
The CVE concerns the Linux kernel’s crypto/eip93 path. Specifically, eip93_hmac_setkey() creates a temporary ahash transform using a driver name (e.g., sha256-eip93) but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since EIP93 hash algorithms are inherently async, the loo...
PT-2026-52941
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the eip93 hmac setkey function where it incorrectly uses the CRYPTO ALG ASYNC mask when allocating a temporary ahash transform. Because EIP93 hash algorithms are...
Astra Linux – Vulnerability in node-minimist
Minimist =1.2.5 is vulnerable to Prototype Pollution through the file index.js, the function setKey lines 69-95...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000663)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000663 advisory. crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002450)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002450 advisory. crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is...
EUVD-2022-1589
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906 Note that Nessus relies on the presence of t...
smb: client: fix NULL ptr deref in crypto_aead_setkey()
...
SUSE CVE-2024-53185
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
AZL-54824 CVE-2024-53185 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
DEBIAN-CVE-2024-53185
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
UBUNTU-CVE-2024-53185
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
ROS-20240507-05
Vulnerability of setKey function of minimist command line argument parsing library is related to uncontrolled change of object prototype attributes. Exploitation of the vulnerability could allow an attacker to implement a "prototype pollution" attack...
The vulnerability of the setKey() function in the minimist library, which allows a hacker to execute a “ prototype pollution ” attack.
The vulnerability of the setKey function in the minimist library relates to the uncontrolled modification of object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute a “prototype pollution” attack...
SUSE CVE-2015-8970
crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...
SUSE CVE-2017-9211
The cryptoskcipherinittfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service NULL pointer dereference via a crafted application...
SUSE CVE-2021-44906
Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95...