185 matches found
EUVD-2025-6612
Malicious code in bioql PyPI...
EUVD-2025-12475
Malicious code in bioql PyPI...
EUVD-2024-41133
Malicious code in bioql PyPI...
EUVD-2024-41134
Malicious code in bioql PyPI...
EUVD-2025-12473
Malicious code in bioql PyPI...
CVE-2025-59534
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in...
CVE-2025-59534 CryptoLib command Injection vulnerability in initialize_kerberos_keytab_file_login()
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in...
CVE-2025-59534 CryptoLib command Injection vulnerability in initialize_kerberos_keytab_file_login()
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in...
CVE-2025-59534
CryptoLib (NASA’s library using CCSDS SDLS-EP) contains a command-injection vulnerability in initialize_kerberos_keytab_file_login() present in versions prior to 1.4.2. The flaw arises from unsanitized, user-controlled input directly interpolated into a shell command and executed via system(), en...
CryptoLib 操作系统命令注入漏洞
CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. An operating system command injection vulnerability exists in CryptoLib versions prior to 1.4.2, which stems from the initializekerberoskeytabfilelogin...
CVE-2025-54878
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
CVE-2025-54878
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
CVE-2025-54878 Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
CVE-2025-54878
CVE-2025-54878 affects NASA CryptoLib (versions ≤ 1.4.0) where the IV setup logic for telecommand frames lacks bounds checking when copying the Initialization Vector into a newly allocated buffer. This heap buffer overflow can be triggered by a crafted telecommand frame, causing heap corruption a...
CVE-2025-54878 Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version...
Malicious code in symphony-cryptolib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8216b9fdde76a4f40936fd19fbe9a3a7d73dcf66ffdde04c6cf54ee965448b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5864 Malicious code in symphony-cryptolib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8216b9fdde76a4f40936fd19fbe9a3a7d73dcf66ffdde04c6cf54ee965448b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-44911
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem cryptotc.c...
CVE-2024-44912
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem cryptotm.c...
CVE-2024-44910
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem cryptoaos.c...