44 matches found
CVE-2026-54736
Technical details (affected versions, root cause specifics, and remediation beyond what is in the Initial Description) are not publicly available in the provided documents; monitor for updates.
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of error handling in the rxgxkextracttoken function. When rxgxkdecryptskb returns -ENOME...
CVE-2026-6986
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...
ROS-20260420-73-0009
A vulnerability in the PKCS12itemdecryptd2iex function of the OpenSSL library is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the wcPKCS7DecryptOri function when processing a CMS EnvelopedData message containing an OtherRecipientInfo recipient. An attacker can execute arbitrary code or cause a crash by sending a crafted message...
ALPINE-CVE-2026-28389
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...
CVE-2026-2968
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...
CLSA-2026-1770804736 Fix CVE(s): CVE-2025-69421
SECURITY UPDATE: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files - debian/patches/CVE-2025-69421.patch: fix NULL pointer dereference in PKCS12itemdecryptd2i by adding NULL check for oct parameter - CVE-2025-69421...
CLSA-2026-1770717529 Fix CVE(s): CVE-2025-69421
SECURITY UPDATE: check oct argument for NULL in PKCS12itemdecryptd2ie - debian/patches/CVE-2025-69421.patch: fix a NULL pointer dereference in the PKCS12itemdecryptd2iex function. - CVE-2025-69421...
CVE-2025-69421
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...
CVE-2025-59095
CVE-2025-59095 affects dormakaba Kaba exos 9300 software. Public descriptions in multiple sources indicate that DLLs/binaries (notably Kaba.EXOS.common.dll) use a hard-coded, static cryptoKey with a simple XOR-based encrypt/decrypt routine to process user PINs before storing them in MSSQL. The ro...
CVE-2026-22700 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...
CVE-2025-11931
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
UBUNTU-CVE-2025-11931
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
CVE-2025-11931
The set of connected documents confirms this CVE affects wolfSSL’s XChaCha20-Poly1305 code, specifically the wc_XChaCha20Poly1305_Decrypt() function. The root cause is an integer underflow that can lead to out-of-bounds access when decrypting, and this path is taken from direct application calls ...
CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
EUVD-2025-198522
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
EUVD-2018-7450
Malware in sbrugna...
EUVD-2006-1600
Malware in sbrugna...