Lucene search
K

115 matches found

OSV
OSV
added 2026/01/27 4:16 p.m.8 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8CVSS7.3AI score0.47621EPSS
Exploits7References9
RedhatCVE
RedhatCVE
added 2026/01/27 3:5 p.m.5 views

CVE-2025-15467

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

9.8CVSS6.2AI score0.47621EPSS
Exploits7References3
OSV
OSV
added 2026/01/27 12:0 a.m.3 views

UBUNTU-CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

9.8CVSS8.1AI score0.47621EPSS
Exploits7References3
Microsoft CVE
Microsoft CVE
added 2026/01/16 9:3 a.m.7 views

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

...

5.5CVSS5.4AI score0.00114EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001628 advisory. crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface...

7.8CVSS6.5AI score0.00411EPSS
Exploits0References10
OSV
OSV
added 2026/01/14 3:16 p.m.3 views

UBUNTU-CVE-2025-71131

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References37
Cvelist
Cvelist
added 2026/01/14 3:7 p.m.27 views

CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

0.00114EPSS
Exploits0References7
CVE
CVE
added 2026/01/10 12:17 a.m.21 views

CVE-2026-22023

CryptoLib (software-only SDLS-EP) for cFS-ground station uses cryptography_aead_encrypt(). Prior to 1.4.3, there is an out-of-bounds heap read vulnerability in that function due to a flawed strtok pattern during KMC AEAD encrypt metadata parsing. The issue affects CryptoLib versions before 1.4.3 ...

8.2CVSS6.5AI score0.00525EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/10 12:17 a.m.23 views

CVE-2026-22023 CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read...

8.2CVSS0.00525EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/10 12:17 a.m.2 views

CVE-2026-22023 CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read...

8.2CVSS6.5AI score0.00525EPSS
Exploits1References3
OSV
OSV
added 2025/11/20 5:36 p.m.5 views

GHSA-73G8-5H73-26H4 @hpke/core reuses AEAD nonces

Summary The public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. Details The SenderContext Seal implementation allows for concurrent...

9.1CVSS6.9AI score0.00193EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/10/29 12:25 a.m.2 views

SUSE CVE-2025-40052

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

5.5CVSS6.5AI score0.00197EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-40052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this...

6.6AI score0.00197EPSS
Exploits0References3
PyPA
PyPA
added 2025/10/15 8:15 a.m.9 views

PYSEC-2025-184

This issue affects Apache Spark versions before 3.4.4,3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.When spark.network.crypto.enabled is set to true it is set to false by default, but...

6.5CVSS7.2AI score0.00225EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/10/15 8:15 a.m.9 views

PYSEC-2025-184

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

6.5CVSS7.2AI score0.00225EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/15 7:19 a.m.6 views

EUVD-2025-34531

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

6.5CVSS6.2AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/15 7:19 a.m.5 views

CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1979

Malicious code in bioql PyPI...

5.8CVSS6.3AI score0.01655EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4332

Malicious code in bioql PyPI...

2.6CVSS8.7AI score0.02426EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/04 4:59 p.m.5 views

kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

A vulnerability was found in the Linux kernel's management of network namespaces. By manipulating the lifecycle of network namespaces, an attacker could exploit this vulnerability to cause a system crash or leak sensitive system memory. Exploitation of this vulnerability requires that a user has...

7.8CVSS7.2AI score0.00171EPSS
Exploits0References5
Rows per page
Query Builder