Lucene search
K

1041 matches found

Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.3 views

PT-2025-52990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the LRU and LRU PERCPU hash maps within the Linux kernel. These maps allocate a new element on update before locking the target hash table bucket. If bucket locki...

6.3AI score0.00157EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the BPF LRU hash map not freeing allocated elements in the event of a bucket lock failure, potentially leadi...

6.1AI score0.00157EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/18 8:37 p.m.3 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS6.7AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/18 3:22 p.m.5 views

CVE-2025-14762

A flaw was found in the AWS SDK for Ruby, an open-source client-side encryption library. A user with write access to an S3 Simple Storage Service bucket can exploit a missing cryptographic key commitment. This allows the introduction of a new Encrypted Data Key EDK that decrypts to different...

6CVSS6.3AI score0.00185EPSS
Exploits0References6
NVD
NVD
added 2025/12/17 9:15 p.m.13 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS0.00185EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/12/17 9:15 p.m.5 views

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS5.9AI score0.00176EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/12/17 9:15 p.m.2 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS7.2AI score0.00185EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/17 8:40 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

6CVSS6.7AI score0.00176EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 8:38 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

6CVSS6.7AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 8:38 p.m.2 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

6CVSS6.7AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 8:38 p.m.2 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

6CVSS6.7AI score0.00094EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 8:38 p.m.2 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

6CVSS6.7AI score0.00094EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 8:38 p.m.3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

6CVSS6.7AI score0.00094EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/17 8:38 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

6CVSS6.7AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/17 8:11 p.m.22 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS0.00141EPSS
Exploits0References3
OSV
OSV
added 2025/12/17 12:1 a.m.6 views

OSV-2025-989 Bad-cast to UT_hash_bucket' (aka 'struct UT_hash_bucket')password_file__cleanup

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=468922225 Crash type: Bad-cast Crash state: Bad-cast to UThashbucket' aka 'struct UThashbucket'passwordfilecleanup mosquittosecuritycleanupdefault brokerfuzzpasswordfile.cpp...

6.8AI score
Exploits0References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.14 views

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

6CVSS6.4AI score0.00094EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

6CVSS6.4AI score0.00103EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51883

Name of the Vulnerable Software and Affected Versions AWS SDK for Ruby versions prior to 1.208.0 Description A missing cryptographic key commitment in the AWS SDK for Ruby could allow a user with write access to an S3 bucket to introduce a new encryption data key EDK that decrypts to different...

6CVSS6.3AI score0.00185EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

AWS SDK for C++ 安全漏洞

AWS SDK for C++ is an open source developer toolkit for C++ by Amazon Web Services A security vulnerability exists in AWS SDK for C++ that stems from a lack of cryptographic key commitment, which could lead to a user with write access to an S3 storage bucket introducing a new EDK that decrypts a...

6CVSS6.5AI score0.00141EPSS
Exploits0References3
Rows per page
Query Builder