
19 matches found

OSV
added 2026/05/19 4:18 p.m. | views: 1

GHSA-HC3C-63HC-2R9F libcrux: Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact: An application where the length of the ciphertext buffer is under attacker control...

CVSS 8.2 | AI score 5.9
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/08 12:0 a.m. | views: 3

PT-2026-23893

Name of the Vulnerable Software and Affected Versions: Crypt::NaCl::Sodium versions through 2.002 Description: The Crypt::NaCl::Sodium library for Perl versions through 2.002 may experience integer overflows in the bin2hex, encrypt, aes256gcm encrypt afternm, and seal functions. These functions do...

CVSS 9.8 | AI score 5.7 | EPSS 0.00029
Exploits: 0 | References: 16

Vulnrichment
added 2026/01/10 12:19 a.m. | views: 4

CVE-2026-22024 CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptographyencrypt function allocates...

CVSS 6.3 | AI score 6.8 | EPSS 0.00032
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/10 12:0 a.m. | views: 3

PT-2026-2132

Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3 Description: CryptoLib is a software-only solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syste...

CVSS 6.3 | AI score 6.7 | EPSS 0.00032
Exploits: 1 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2006-1600

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01253
Exploits: 0 | References: 8

OSV
added 2025/06/18 9:33 a.m. | views: 2

CVE-2025-38052 net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free...

CVSS 7.8 | AI score 6.4 | EPSS 0.00082
Exploits: 0 | References: 12

Veracode
added 2024/08/06 11:22 a.m. | views: 13

Ciphertext Leakage

Netbird is vulnerable to Ciphertext Leakage. The vulnerability is due to the use of a static initialization vector (IV) in the Encrypt function within the crypt.go file, which does not change for different encryption operations and allows attackers to expose the sensitive information through...

CVSS 7.5 | AI score 6.1 | EPSS 0.00115
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/08/01 6:32 p.m. | views: 8

GHSA-9V35-4XCR-W9PH NetBird uses a static initialization vector (IV)

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

CVSS 8.7 | AI score 5.7 | EPSS 0.00115
Exploits: 0 | References: 8

NVD
added 2024/08/01 4:15 p.m. | views: 12

CVE-2024-41260

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

CVSS 7.5 | EPSS 0.00115
Exploits: 0 | References: 3

CVE
added 2024/08/01 12:0 a.m. | views: 52

CVE-2024-41260

CVE-2024-41260 : NetBird’s netbird management service (versions 0.23.2–0.29.1) uses a static initialization vector (IV) in the encrypt function, enabling an attacker with access to the audit events database to obtain sensitive information (email addresses). Root cause: static IV in the encryption...

CVSS 7.5 | AI score 5.9 | EPSS 0.00115
Exploits: 0 | References: 3

Positive Technologies
added 2024/08/01 12:0 a.m. | views: 3

PT-2024-29338

Name of the Vulnerable Software and Affected Versions: netbird version 0.28.4 Description: The issue concerns a static initialization vector (IV) used in the encrypt function, allowing attackers to obtain sensitive information. This static IV is utilized in the github.com/netbirdio/netbird code...

CVSS 8.7 | AI score 6.4 | EPSS 0.00115
Exploits: 0 | References: 13

OSV
added 2024/06/07 12:30 a.m. | views: 1

GHSA-92WP-JGHR-HH87 Weak encryption in Ninja Core

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

CVSS 7.5 | AI score 7.1 | EPSS 0.11817
Exploits: 0 | References: 3

Vulnrichment
added 2024/06/06 9:14 p.m. | views: 14

CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

AI score 7.3 | EPSS 0.11817
Exploits: 0 | References: 1

UbuntuCve
added 2024/06/06 12:0 a.m. | views: 13

CVE-2024-36823

Last updated 24 July 2024...

CVSS 7.5 | AI score 7.5 | EPSS 0.11817
Exploits: 0 | References: 4

Positive Technologies
added 2024/06/06 12:0 a.m. | views: 3

PT-2024-27171 · Unknown · Ninja Core

Name of the Vulnerable Software and Affected Versions: Ninja Core version 7.0.0 Description: The encrypt function was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. Recommendations: For Ninja Core version 7.0.0, consider disabling the...

CVSS 7.5 | AI score 7.5 | EPSS 0.11817
Exploits: 0 | References: 12

Snyk
added 2023/06/30 12:1 p.m. | views: 1

Improper Neutralization of Special Elements used in a Command

Overview: node-qpdf is an A Content Preserving transformations on PDFs wrapped around QPDF. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in a Command such that the package-exported method encrypt fails to sanitize its parameter input, which...

CVSS 9.8 | AI score 7.3 | EPSS 0.00155
Exploits: 1 | References: 2

UbuntuCve
added 2022/12/27 10:15 p.m. | views: 18

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 | AI score 7 | EPSS 0.00126
Exploits: 0 | References: 3

Debian CVE
added 2022/12/27 9:13 p.m. | views: 14

CVE-2021-4239

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to b...

CVSS 7.5 | AI score 7.3 | EPSS 0.00126
Exploits: 0

FreeBSD
added 2007/11/21 12:0 a.m. | views: 29

IRC Services-- Denial of Service Vulnerability

Secunia reports: A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the improper handling of overly long passwords within the "defaultencrypt" function in encrypt.c and can be exploited to...

CVSS 5 | AI score 6.3 | EPSS 0.01824
Exploits: 0 | References: 2