EUVD-2026-1888

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

EUVD-2026-1890

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

CVE-2026-21898 CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoAOSProcessSecurity function reads...

CVE-2025-64096

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

CVE-2025-46674

CVE-2025-46674 affects NASA CryptoLib prior to 1.3.2. The issue arises from using Extended Procedures that are a Work in Progress and not intended for flight, which could enable a keystream oracle. Public references confirm vulnerability details and link to changes between v1.3.1 and v1.3.2. Repo...

CVE-2025-46674

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress not intended for use during flight, potentially leading to a keystream oracle...

PT-2025-17971 · Nasa · Nasa Cryptolib

Name of the Vulnerable Software and Affected Versions: NASA CryptoLib versions prior to 1.3.2 Description: The issue arises from NASA CryptoLib using Extended Procedures that are a Work in Progress, not intended for use during flight, potentially leading to a keystream oracle. Recommendations: Fo...

How to Exploit SQL Server Using Registry Keys

At the Imperva Research Labs we have the chance to scrutinize various security situations. In this blog, we will take a closer look at database security on SQL Server. One routine approach that security practitioners employ to protect databases is deploying honeypots and waiting for bad actors to...

How to Exploit SQL Server Using OLE Automation

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...

CVE-2020-6243

Under certain conditions, SAP Adaptive Server Enterprise XP Server on Windows Platform, versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected...