187 matches found
Important: nodejs20
Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...
CVE-2025-0036
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime post-boot cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data...
CVE-2025-0036
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime post-boot cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data...
CVE-2025-0036
The CVE concerns AMD Versal Adaptive SoC devices where the Secure Stream Switch (SSS) configuration is not cleared after a cryptographic operation in the Platform Loader and Manager (PLM) during post-boot runtime. This improper SSS setup can lead to data being written to or read from invalid memo...
Versal Adaptive SoC – Overwriting Protected Memory Regions through PLM Firmware
AMD ID: AMD-SB-8010 Potential Impact: Loss of confidentiality and Integrity Severity: Medium Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that can allow a remote processor to command the PLM to execute cryptographic...
Versal™ Adaptive SoC – Improper Configuration of the Secure Stream Switch during Post-Boot Cryptographic Operations
AMD ID: AMD-SB-8011 Potential Impact: N/A Severity: N/A Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that allows a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECD...
OESA-2025-1534 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Node.js < 20.19.2, 21.x < 22.15.1, 23.x < 23.11.1, 24.x < 24.0.2 DoS Vulnerability - Windows
Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
CVE-2021-29443
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...
CVE-2021-32032
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation in the event of a failure can prevent the abort operation in the associated cryptographic library from freeing internal resources, causing a memory leak...
CVE-2025-4876
The CVE-2025-4876 issue affects ConnectWise Risk Assessment’s ConnectWise-Password-Encryption-Utility.exe. Root cause: hardcoded AES decryption key embedded in plaintext in the binary, with no dynamic key management. Impact: an attacker with reverse-engineering capability could obtain the key and...
CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
UBUNTU-CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
CVE-2025-23166
The CVE-2025-23166 issue affects Node.js and stems from SignTraits::DeriveBits() potentially calling ThrowException() with user-controlled inputs when run in a background thread, leading to a crash of the Node.js runtime. Public advisories in the Connected documents confirm affected packages (e.g...
CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
opensc security update
An update is available for opensc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSC set of libraries and utilities provides support for working with...
RLSA-2024:0966 Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...
RLSA-2024:0967 Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...
opensc security update
An update is available for opensc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSC set of libraries and utilities provides support for working with...