257 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/tls: The bug related to slab-out-of-bounds condition in decryptinternal has been fixed. The memory size of tlsctx-rx.iv for AES128-CCM is 12 bytes when tlssetswoffload is called. The return value of cryptoaeadivsize for...
CVE-2025-40745
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
CVE-2026-41565
CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...
Astra Linux - уязвимость в php7.3
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the opensslencrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...
CVE-2025-40745
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
CVE-2025-40745
Summary: CVE-2025-40745 affects Siemens software including Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation. All versions listed are prior to the specified updates (e.g., Software Center < V3.5.8.2, Simcenter 3D <...
CVE-2025-40745
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
EUVD-2025-209431
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
PT-2026-32606
Name of the Vulnerable Software and Affected Versions Siemens Software Center versions prior to V3.5.8.2 Simcenter 3D versions prior to V2506.6000 Simcenter Femap versions prior to V2506.0002 Simcenter STAR-CCM+ versions prior to V2602 Solid Edge SE2025 versions prior to V225.0 Update 13 Solid Ed...
Important: amazon-efs-utils
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
Linux Distros Unpatched Vulnerability : CVE-2026-34876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjace...
SUSE CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
EUVD-2026-18356
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
DEBIAN-CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
UBUNTU-CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
CVE-2026-34876
The CVE-2026-34876 issue affects Mbed TLS 3.x prior to 3.6.6. An out-of-bounds read in mbedtls_ccm_finish() (library/ccm.c) can reveal adjacent CCM context data when the multipart CCM API is invoked with an oversized tag_len. Root cause: missing validation of tag_len against the internal 16-byte ...
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
Mbed TLS 安全漏洞
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Versions of Mbed TLS prior to 3.6.6 contained security vulnerabilities. These vulnerabilities stemmed from a lack of validation for the taglen parameter in the mbedtlsccmfinish function,...
Important: mount-s3
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...