Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: The jump labels are called before parseearlyparam is executed. On 64-bit systems, calling jumplabelinit within setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam, which in...

DEBIAN-CVE-2026-4800

Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVE-2024-54855

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts...

EUVD-2024-55374

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts...

PT-2026-2433

Name of the Vulnerable Software and Affected Versions fabricators Ltd Vanilla OS 2 Core image version 1.1.0 Description The software contains static keys for the SSH service. This may allow attackers to execute a man-in-the-middle attack during connections with other hosts. Recommendations At the...

CVE-2024-54855

fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts...

Vanilla OS 2 Core image 安全漏洞

Vanilla OS 2 Core image is an open source base system image for Vanilla OS. A security vulnerability exists in Vanilla OS 2 Core image version v1.1.0, which stems from the use of static keys by the SSH service and could lead to a man-in-the-middle attack...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992483 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in...

EUVD-2017-2663

Malware in sbrugna...

pbkdf2 silently disregards Uint8Array input, returning static keys

Summary On historic but declared as supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that Support Uint8Array input input is typechecked against Uint8Array, and the error...

SUSE CVE-2022-50012

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam which is again subroutine of earlyinitdevtree...

SUSE CVE-2022-50091

In the Linux kernel, the following vulnerability has been resolved: locking/csdlock: Change csdlockdebug from earlyparam to setup The csdlockdebug kernel-boot parameter is parsed by the earlyparam function csdlockdebug. If set, csdlockdebug invokes staticbranchenable to enable csdlockwait feature...

CVE-2022-50012

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam which is again subroutine of earlyinitdevtree...

DEBIAN-CVE-2022-50012

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam which is again subroutine of earlyinitdevtree...

CVE-2022-50012 powerpc/64: Init jump labels before parse_early_param()

In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in setupfeaturekeys is too late because static keys may be used in subroutines of parseearlyparam which is again subroutine of earlyinitdevtree...

Yealink Meeting Server 安全漏洞

Yealink YeaLink Meeting Server is a distributed cloud video conferencing infrastructure from China Yealink Yealink. A security vulnerability exists in Yealink Meeting Server versions prior to V26.0.0.67, which originates from allowing an attacker to obtain static key information from a front-end ...

CVE-2024-39342

Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

The vulnerability of the TLS/SSL Server software component for network management in Brocade SANnav allows attackers to enhance their privileges.

The vulnerability of the TLS/SSL Server software component for managing SAN networks in Brocade SANnav systems is related to the presence of static encryption keys on ports 443 and 18082. Exploiting this vulnerability could allow a malicious actor to increase their privileges...

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...