Lucene search
+L

187 matches found

Amazon
Amazon
added 2025/06/10 12:0 a.m.6 views

Important: nodejs20

Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...

7.5CVSS9.5AI score0.00763EPSS
Exploits1
Cvelist
Cvelist
added 2025/06/09 11:57 p.m.18 views

CVE-2025-0036

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime post-boot cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data...

3.2CVSS0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/09 11:57 p.m.5 views

CVE-2025-0036

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime post-boot cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data...

3.2CVSS3.9AI score0.00126EPSS
Exploits0References1
CVE
CVE
added 2025/06/09 11:57 p.m.52 views

CVE-2025-0036

The CVE concerns AMD Versal Adaptive SoC devices where the Secure Stream Switch (SSS) configuration is not cleared after a cryptographic operation in the Platform Loader and Manager (PLM) during post-boot runtime. This improper SSS setup can lead to data being written to or read from invalid memo...

3.2CVSS3.9AI score0.00126EPSS
Exploits0References1
Amd
Amd
added 2025/06/03 12:0 a.m.11 views

Versal Adaptive SoC – Overwriting Protected Memory Regions through PLM Firmware

AMD ID: AMD-SB-8010 Potential Impact: Loss of confidentiality and Integrity Severity: Medium Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that can allow a remote processor to command the PLM to execute cryptographic...

6.6CVSS5.8AI score0.00146EPSS
Exploits0
Amd
Amd
added 2025/06/03 12:0 a.m.13 views

Versal™ Adaptive SoC – Improper Configuration of the Secure Stream Switch during Post-Boot Cryptographic Operations

AMD ID: AMD-SB-8011 Potential Impact: N/A Severity: N/A Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that allows a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECD...

3.2CVSS7.2AI score0.00126EPSS
Exploits0
OSV
OSV
added 2025/05/23 1:59 p.m.5 views

OESA-2025-1534 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/05/23 12:0 a.m.5 views

Node.js < 20.19.2, 21.x < 22.15.1, 23.x < 23.11.1, 24.x < 24.0.2 DoS Vulnerability - Windows

Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

7.5CVSS7.1AI score0.00763EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.23 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS6.8AI score0.01167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.10 views

CVE-2021-32032

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation in the event of a failure can prevent the abort operation in the associated cryptographic library from freeing internal resources, causing a memory leak...

7.5CVSS6.9AI score0.01774EPSS
Exploits1References1
CVE
CVE
added 2025/05/19 4:4 p.m.44 views

CVE-2025-4876

The CVE-2025-4876 issue affects ConnectWise Risk Assessment’s ConnectWise-Password-Encryption-Utility.exe. Root cause: hardcoded AES decryption key embedded in plaintext in the binary, with no dynamic key management. Impact: an attacker with reverse-engineering capability could obtain the key and...

6CVSS5.9AI score0.0009EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/19 2:15 a.m.7 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7AI score
Exploits0References1
OSV
OSV
added 2025/05/19 2:15 a.m.4 views

UBUNTU-CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.1AI score0.00763EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/05/19 1:25 a.m.8 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.8AI score0.00763EPSS
Exploits0
CVE
CVE
added 2025/05/19 1:25 a.m.138 views

CVE-2025-23166

The CVE-2025-23166 issue affects Node.js and stems from SignTraits::DeriveBits() potentially calling ThrowException() with user-controlled inputs when run in a background thread, leading to a crash of the Node.js runtime. Public advisories in the Connected documents confirm affected packages (e.g...

7.5CVSS6.8AI score0.00763EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/19 1:25 a.m.5 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.8AI score0.00763EPSS
Exploits0
Rockylinux
Rockylinux
added 2025/05/07 7:13 p.m.5 views

opensc security update

An update is available for opensc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSC set of libraries and utilities provides support for working with...

5.9CVSS5.7AI score0.01156EPSS
Exploits1
OSV
OSV
added 2025/05/07 7:13 p.m.7 views

RLSA-2024:0966 Moderate: opensc security update

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...

5.6CVSS6.2AI score0.01156EPSS
Exploits1References2
OSV
OSV
added 2025/05/07 7:11 p.m.9 views

RLSA-2024:0967 Moderate: opensc security update

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...

5.6CVSS6.2AI score0.01156EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.9 views

opensc security update

An update is available for opensc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSC set of libraries and utilities provides support for working with...

5.9CVSS5.7AI score0.01156EPSS
Exploits1
Rows per page
Query Builder