666 matches found
SUSE CVE-2026-42767
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
CVE-2026-33585
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33584
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2025-8095
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supporte...
CVE-2026-33583
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-50208 Permissive TrustAllCerts TLS Verification
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-46063
In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...
CVE-2026-32848
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...
EUVD-2026-30791
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodevop within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit...
PT-2026-41713
Name of the Vulnerable Software and Affected Versions NetBSD versions prior to commit ec8451e Description A race condition in the cryptodev op function within the opencrypto subsystem allows local attackers to trigger a double-free condition on SMP Symmetric Multiprocessing systems. This occurs...
CVE-2025-14972
Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...
EUVD-2026-30114
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33585
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33585
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33584
Summary: CVE-2026-33584 affects the Arqit Symmetric Key Agreement Platform, where the Keycloak management service is exposed, allowing unauthorized access to sensitive debug information (metrics and health data) for versions before 26.03. The CVSS 3.1 base score is 5.3 (MEDIUM) with network attac...
CVE-2026-33583
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-33583 Arqit SKA-Platform Vulnerable to Key Exposure
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
Arqit Symmetric Key Agreement Platform 安全漏洞
The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from improper management of the idle timeou...
PT-2026-40762
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
Arqit Symmetric Key Agreement Platform 安全漏洞
The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...