19 matches found
VulnCheck KEV: CVE-2026-1357
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...
Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext
The latest releases of the libcrux-psq crate contain the following bug fix: 1319: Propagate AEADError instead of panicking. The issue fixed in 1319 was first reported by Nadim Kobeissi...
EUVD-2025-205832
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) by supplying an empty value as a password...
EUVD-1999-0837
Malware in sbrugna...
CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
PT-2025-54210
Name of the Vulnerable Software and Affected Versions: GNU Recutils versions prior to 1.9. Description: A flaw exists in the encryption and decryption processes of GNU Recutils that can lead to a Denial of Service (DoS). This occurs when an empty value is provided as a password. Recommendations: Update...
UBUNTU-CVE-2024-36911
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory. In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to...
CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
GHSA-RJMV-52MP-GJRR vantage6 may create unencrypted tasks in encrypted collaboration
Impact: There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Workarounds: This is not an issue with the normal workflow...
PT-2023-17228 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier; Checkmk versions 2.0.0 through 2.0.0p34; Checkmk versions 2.1.0 through 2.1.0p25; Checkmk versions 2.2.0b3 and earlier. Description: Inappropriate error handling in Checkmk causes the symmetric encryption of...
SUSE CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 Encryption Error Vulnerability
The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is a portable cardiac rhythm management (CRM) programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is vulnerable to an encryption error that could...
CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys...
CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys...
One year later: The VPNFilter catastrophe that wasn't
Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...
CVE-1999-0856
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist...
CVE-1999-0856
CVE-1999-0856 affects Slackware 7.0. The vulnerability arises because remote authentication feedback reveals whether an account exists or is locked by reporting an encryption error, enabling user enumeration. The issue is tied to the login process and causes disclosure of valid user names without...
CVE-1999-0856
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist...
PT-1999-1409 · Slackware · Slackware
Name of the Vulnerable Software and Affected Versions: Slackware version 7.0. Description: The issue allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. Recommendations: For Slackware version 7.0, update to a...