43 matches found

Positive Technologies
added 2024/12/13 12:00 a.m. · 5 views

PT-2024-36551 · Unknown · Invoice Ninja

Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.10.43
Description: The issue allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files that have default APP_KEY values. The route...

CVSS 8.8 · AI score 10 · EPSS 0.065
Exploits: 5 · References: 8

RedHat Linux
added 2024/06/11 7:55 p.m. · 3 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

CVSS 4.3 · AI score 6.7 · EPSS 0.01956
Exploits: 0 · References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. · 4 views

kernel: tls: use-after-free with partial reads and async decrypt

A use-after-free vulnerability was found in the tls subsystem of the Linux kernel. The tls_decrypt_sg function doesn't take references on the pages from clear_skb, so the put_page in tls_decrypt_done releases them and a use-after-free can be triggered in process_rx_list when trying to read from the...

CVSS 7.8 · AI score 6.9 · EPSS 0.00256
Exploits: 0 · References: 5

RedHat Linux
added 2024/03/06 12:44 p.m. · 3 views

kernel: Denial of service in beacon protection for P2P-device

A flaw was found in P2P-Device in wifi in ieee80211_rx_h_decrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service...

CVSS 5.5 · AI score 6.6 · EPSS 0.00555
Exploits: 1 · References: 5

BDU FSTEC
added 2024/03/04 12:00 a.m. · 5 views

The vulnerability of the tls_decrypt_done() function in the net/tls/tls_sw.c module of the TLS (Transport Layer Security) protocol implementation in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the tls_decrypt_done function in the net/tls/tls_sw.c module of the TLS (Transport Layer Security) protocol implementation in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the...

CVSS 7.8 · AI score 6.4 · EPSS 0.00256
Exploits: 0 · References: 28 · Affected Software: 6

SUSE CVE
added 2023/02/15 4:27 a.m. · 2 views

SUSE CVE-2018-11724

The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file...

CVSS 8.8 · AI score 7.6 · EPSS 0.01551
Exploits: 0 · References: 2

Veracode
added 2023/01/11 5:54 a.m. · 15 views

Uncontrolled Resource Consumption

github.com/flynn/noise is vulnerable to uncontrolled resource consumption. The weakened cryptographic security after encrypting 2^64 messages causes multiple messages to be encrypted with the same key and nonce resulting in denial of service conditions. Additionally the Decrypt function increment...

CVSS 7.5 · AI score 1.9 · EPSS 0.00354
Exploits: 0 · References: 4 · Affected Software: 1

UbuntuCve
added 2022/12/27 10:15 p.m. · 21 views

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 · AI score 7 · EPSS 0.00354
Exploits: 0 · References: 3

Prion
added 2022/12/27 10:15 p.m. · 8 views

Design/Logic Flaw

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 5 · AI score 7.3 · EPSS 0.00354
Exploits: 0 · References: 2

Cvelist
added 2022/12/27 9:13 p.m. · 25 views

CVE-2021-4239 Weak encryption and denial of service in github.com/flynn/noise

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

AI score 7.6 · EPSS 0.00354
Exploits: 0 · References: 2

Debian CVE
added 2022/12/27 9:13 p.m. · 15 views

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 · AI score 7.3 · EPSS 0.00354
Exploits: 0

OSV
added 2022/02/15 1:57 a.m. · 30 views

GO-2022-0425 Weak encryption and denial of service in github.com/flynn/noise

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 · AI score 7.3 · EPSS 0.00354
Exploits: 0 · References: 1

Positive Technologies
added 2020/11/05 12:00 a.m. · 4 views

PT-2020-16764 · Robbie Van Bommel · Rvtools

Name of the Vulnerable Software and Affected Versions: RVTools version 4.0.6
Description: The issue concerns the encryption of passwords in RVTools. Specifically, the RVToolsPasswordEncryption.exe utility in RVTools 4.0.6 uses a static initialization vector (IV) and key for encryption. This static...

CVSS 7.5 · AI score 7.3 · EPSS 0.01923
Exploits: 0 · References: 4

CNVD
added 2020/05/25 12:00 a.m. · 1 views

FreeRDP Buffer Overflow Vulnerability (CNVD-2020-31411)

FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A buffer overflow vulnerability exists in the security_fips_decrypt file in libfreerdp/core/security.c in versions of FreeRDP prior to 2.1.1. The vulnerability stems from a network system or product...

CVSS 5.5 · AI score 9.6 · EPSS 0.00538
Exploits: 0 · References: 1

OSV
added 2018/08/24 9:29 p.m. · 3 views

CVE-2018-15576

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key...

CVSS 8.1 · AI score 6.3 · EPSS 0.09675
Exploits: 5 · References: 2

NVD
added 2018/08/24 9:29 p.m. · 14 views

CVE-2018-15576

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key...

CVSS 8.1 · AI score 8.4 · EPSS 0.09675
Exploits: 5 · References: 2

Prion
added 2014/07/07 11:01 a.m. · 16 views

Design/Logic Flaw

The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this functi...

CVSS 4.3 · AI score 6.7 · EPSS 0.05486
Exploits: 5 · References: 6 · Affected Software: 1

CVE
added 2009/05/26 3:16 p.m. · 81 views

CVE-2009-1374

Pidgin (formerly Gaim) is affected by CVE-2009-1374 due to a buffer overflow in the decrypt_out function when processing QQ packets, which can cause the application to crash (DoS). Several connected advisories note this as part of a set of fixes for Pidgin in 2009 across multiple distributions (e...

CVSS 5 · AI score 6.5 · EPSS 0.02542
Exploits: 1 · References: 19 · Affected Software: 1

UbuntuCve
added 2005/05/02 4:00 a.m. · 34 views

CVE-2005-0064

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value...

CVSS 7.5 · AI score 6.4 · EPSS 0.07217
Exploits: 1 · References: 2

NVD
added 2005/05/02 4:00 a.m. · 16 views

CVE-2005-0064

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value...

CVSS 7.5 · AI score 7.6 · EPSS 0.07217
Exploits: 1 · References: 26