63 matches found
EUVD-2026-38906
In the Linux kernel, the following vulnerability has been resolved: imafs: Correctly create securityfs files for unsupported hash algos imatpmchip-allocatedbanksi.cryptoid is initialized to HASHALGOLAST if the TPM algorithm is not supported. However there are places relying on the algorithm to be...
libcrux-digest (>=0.0.4 <=0.0.7-rc.1), libcrux-kem (>=0.0.2 <=0.0.2-beta.3) +7 more potentially affected by unknown CVE via libcrux-sha3 (>=0.0.2-beta.3 <=0.0.8-rc.1)
libcrux-sha3 CARGO version =0.0.2-beta.3, =0.0.4, =0.0.2, =0.0.3, =0.0.2-alpha.1, =0.0.2-alpha.3 - libcrux-psq =0.0.2-beta.3 - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 - wpa-next =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-Q29P-9PFR-J652...
GHSA-Q29P-9PFR-J652 libcrux-sha3: Incorrect output from SHAKE squeeze functions
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
libcrux-sha3: Incorrect output from SHAKE squeeze functions
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
MiracleLinux 9 : php:8.1 (AXSA:2023-5806:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5806:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...
php:7.4 security update
An update is available for module.php, module.php-pecl-xdebug, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, php-pear, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug, module.libzip, libzip. This update affects Rocky Linux 8. A Common Vulnerabili...
libcrux-aesgcm (=0.0.4-pre.1), libcrux-ml-dsa (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-intrinsics (>=0.0.3 <=0.0.4-pre.1)
libcrux-intrinsics CARGO version =0.0.3, =0.0.3, =0.0.3-alpha.3 Source cves: unknown CVE Source advisory: OSV:GHSA-2CGV-28VR-RV6J...
RUSTSEC-2025-0133 Incorrect calculation on aarch64
On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...
EUVD-2025-5561
Malicious code in bioql PyPI...
Malicious code in simple-js-sha3 (npm)
The package simple-js-sha3 was found to contain malicious code...
Malicious code in ks-sha3 (npm)
The package ks-sha3 was found to contain malicious code...
Malicious code in jr-sha3 (npm)
The package jr-sha3 was found to contain malicious code...
Malicious code in hs-sha3 (npm)
The package hs-sha3 was found to contain malicious code...
Malicious code in jc-sha3 (npm)
The package jc-sha3 was found to contain malicious code...
Malicious code in simple-js-sha3-224 (npm)
The package simple-js-sha3-224 was found to contain malicious code...
Malicious code in simple-js-sha3-256 (npm)
The package simple-js-sha3-256 was found to contain malicious code...
Malicious code in simple-js-sha3-512 (npm)
The package simple-js-sha3-512 was found to contain malicious code...
MAL-2025-23888 Malicious code in jq-sha3 (npm)
The package jq-sha3 was found to contain malicious code...
Malicious code in simple-js-sha3-384 (npm)
The package simple-js-sha3-384 was found to contain malicious code...
Malicious code in bs-sha3 (npm)
The package bs-sha3 was found to contain malicious code...