USN-7954-1 libtasn1-6 vulnerabilities

It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. CVE-2025-13151 It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly...

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2026-22697

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

EUVD-2026-1888

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

CVE-2026-22697

CryptoLib (SDLS-EP) prior to version 1.4.3 is affected by a heap buffer overflow in the KMC crypto service integration during Base64 decoding of ciphertext/cleartext fields. The decoder uses an expected output length to size the destination buffer, but actually writes based on input length and do...

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CryptoLib 安全漏洞

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib versions prior to 1.4.3 that stems from a failure to enforce target size limits during Base64 decoding, which...

PT-2026-2247

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP for secure communication between spacecraft and ground stations. Versions prior ...

CVE-2023-29996

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfodecode and unsubinfodecode...

CVE-2019-2254

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615,...

CVE-2019-2187

In nfcncifdecoderfparams of nfcncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1...

CVE-2020-12751

An issue was discovered on Samsung mobile devices with O8.X, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 May 2020...

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...

CVE-2025-8307 Recoverable passwords in Asseco Infomedica Plus

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

AZL-73730 CVE-2026-21441 affecting package python-urllib3 for versions less than 2.0.7-4

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

Exploit for CVE-2025-68926

PoC Usage Instructions Single-target Detection python...

curl: CRLF Injection in Gopher Protocol (`lib/gopher.c`)

Control characters slip through during URL handling in curl’s Gopher setup. Though null bytes get blocked by the REJECTZERO setting, returns and line feeds remain permitted. A specially built address using percent-encoded breaks - like %0D%0A - opens room for command insertion. Because of how...

curl: MQTT Protocol Violation & Integer Overflow in libcurl

Executive Summary Vulnerability Type: CWE-190 Component: lib/mqtt.c Function: mqttdecodelen Affected Architectures: - All architectures: Protocol non-compliance leading to stream desynchronization - 32-bit architectures: Deterministic integer overflow in length decoding libcurl does not correctly...