1477 matches found
CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
EUVD-2025-198522
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
CVE-2025-11931
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
CVE-2025-11931
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
JLSEC-2025-202 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware M...
A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...
PT-2025-47819
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-11931 Description An integer underflow can lead to out-of-bounds access during decryption using XChaCha20-Poly1305. This occurs specifically when calling the wc XChaCha20Poly1305 Decrypt function, which is utilized by...
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The...
TencentOS Server 4: grub2 (TSSA-2025:0411)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0411 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
PT-2025-47514
Name of the Vulnerable Software and Affected Versions Twonky Server version 8.5.2 Description Twonky Server version 8.5.2 on Linux and Windows contains a cryptographic flaw due to the use of hard-coded cryptographic keys. An attacker who knows the encrypted administrator password can decrypt it...
EUVD-2025-179763
Malicious code in char-alert-abstract-decrypt-test npm...
EUVD-2025-180523
Malicious code in abstract-decrypt-async-public-phi npm...
EUVD-2025-175881
Malicious code in tree-notify-report-decrypt-scale npm...
EUVD-2025-179349
Malicious code in delta-encrypt-decrypt-process-hot npm...
EUVD-2025-176951
Malicious code in proxy-decrypt-bad-byte-cat npm...
EUVD-2025-177049
Malicious code in private-easy-string-decrypt-meta npm...
EUVD-2025-177179
Malicious code in pi-permission-debug-decrypt-slow npm...
EUVD-2025-176375
Malicious code in simple-file-omicron-function-decrypt npm...
EUVD-2025-175957
Malicious code in thread-compile-parse-decrypt-air npm...
EUVD-2025-175898
Malicious code in transpile-bundle-upsilon-decrypt-secure npm...
EUVD-2025-175883
Malicious code in tree-function-kappa-decrypt-assert npm...