UBUNTU-CVE-2023-53684

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...

CVE-2023-53684 xfrm: Zero padding when dumping algos and encap

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...

CVE-2023-53684

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...

CVE-2023-53684 xfrm: Zero padding when dumping algos and encap

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...

EUVD-2025-32723

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random possibly sensitve data and should never be give...

CVE-2023-53684

Summary (CVE-2023-53684) in the Linux kernel's xfrm subsystem, the patch fixes a padding issue when copying data to user space. Specifically, zero padding is now used when dumping xfrm algorithms and the encap template in xfrm_user, preventing potentially sensitive padding data from being exposed...

PT-2025-41128

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of xfrm algorithms and encap templates when copying data to user-space. Padding within structures may contain random or sensitiv...

EUVD-2025-27934

Malicious code in bioql PyPI...

EUVD-2025-6299

Malicious code in bioql PyPI...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

Linux Distros Unpatched Vulnerability : CVE-2017-15139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to...

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

CVE-2025-2265

The CVE-2025-2265 entry concerns Santesoft Sante PACS Server (Sante PACS Server.exe) where a web user’s password is processed as a 0x2000-byte zero-padded value that is SHA-1 hashed, base64-encoded, and stored in the HTTP.db’s USER table. The reported issue is that the number of hash bytes encode...

CVE-2025-24802

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floornumroutedwires / 3 always include the 0 - 0 input-output pair. Thus a malicious prover can always prove that f0 = 0 for any lookup table f unless its length happens ...

CVE-2025-24802 Soundness issue with Plonky2 look up tables

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floornumroutedwires / 3 always include the 0 - 0 input-output pair. Thus a malicious prover can always prove that f0 = 0 for any lookup table f unless its length happens ...

Plonky2 安全漏洞

Plonky2 is a repository open-sourced by Polygon Zero. A security vulnerability exists in Plonky2, which stems from the zero-padding mechanism originating from LookupTableGate, and could lead to a malicious prover proving that f0 = 0...

SUSE CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

K15389: OpenSSL vulnerability CVE-2011-4576

Security Advisory Description The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

openstack-cinder: Data retained after deletion of a ScaleIO volume

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...

Design/Logic Flaw

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...