CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.9AI score0.00026EPSS

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU virtual crypto device during handling of data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the values of srclen and dstlen in virtiocryptosymophelper, which may lead to a heap buffer overflow if these values differ...

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в nodejs

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS7AI score0.01239EPSS

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv – The ssizei check is moved to the beginning of essivaeadcrypt, so it is also checked for decryption and in-place encryption...

5.7AI score0.00028EPSS

Exploits1References2

9.8CVSS7AI score0.02544EPSS

Astra Linux - уязвимость в openssl

To decrypt SM2 encrypted data, an application is expected to call the API function EVPPKEYdecrypt. Typically, an application will call this function twice. The first time, upon entry, the “out” parameter can be NULL, and upon exit, the “outlen” parameter contains the buffer size required to hold...

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в openssl

There exists a timing-based side channel in the OpenSSL RSA Decryption implementation. This vulnerability could be sufficient for an attacker to recover plaintext across a network in a Bleichenbacher-style attack. To successfully decrypt data, an attacker would need to be able to send a very larg...

5.9CVSS7AI score0.00224EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в openssl

Issue summary: An application attempting to decrypt messages encrypted using password-based encryption in CMS can trigger an out-of-bounds read or write attack. Impact summary: This out-of-bounds read attack may cause a system crash, leading to a denial of service for the application. The...

7.5CVSS6.8AI score0.00037EPSS

7.8CVSS6.5AI score0.00026EPSS

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tls: Separating the handling of no-async decryption requests from async. If we are not using async, the handling is much simpler. There is no reference counting; we simply need to wait for the completion to wake us up and return...

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

4.3CVSS6.6AI score0.01121EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в nettle

A flaw was discovered in the way Nettle’s RSA decryption functions handled specially crafted ciphertext. An attacker could exploit this flaw to deliver manipulated ciphertext, resulting in application crashes and denial of service...

7.5CVSS6.7AI score0.00104EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

7.8CVSS6.4AI score0.00019EPSS

6.2CVSS6AI score0.00015EPSS

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Do not free decrypted memory. In CoCo Virtual Machines, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail. As a result, an error may be returned, and the decrypted memor...

7.5CVSS6.9AI score0.00098EPSS

Astra Linux - уязвимость в python-rsa

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

Exploits1References2

6.5CVSS7AI score0.00236EPSS

Astra Linux - уязвимость в linux

A issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check authenticity of fragmented TKIP frames. An adversary can exploit this vulnerability to inject and potentially decrypt packets in WPA or WPA2 networks...

6.5CVSS6.8AI score0.00245EPSS

Astra Linux - уязвимость в firefox, thunderbird, nss

NSS was vulnerable to a timing-side-channel attack during RSA decryption. This attack could potentially allow an attacker to retrieve private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...