16 matches found

Vulnrichment
added 2026/02/11 8:37 p.m. | 3 views

CVE-2020-37198 Duplicate Cleaner Pro 4 - Denial of Service

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...

CVSS 7.5 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 3

Vulnrichment
added 2026/01/15 11:25 p.m. | 1 view

CVE-2021-47814 NBMonitor 1.6.8 - Denial of Service (PoC)

NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability...

CVSS 7.5 | AI score 6.8 | EPSS 0.00035
Exploits 1 | References 3

Tenable Nessus
added 2025/11/18 12:0 a.m. | 2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-42229)

crypto: aead,cipher - key buffer after use not zeroized. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(504477); script_version("1.2");...

CVSS 4.1 | AI score 7 | EPSS 0.00016
Exploits 0 | References 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990291)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990291 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that...

CVSS 4.1 | AI score 6.3 | EPSS 0.00016
Exploits 0 | References 3

OSV
added 2025/07/04 6:15 a.m. | 4 views

CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVSS 8.8 | AI score 5.7 | EPSS 0.00246
Exploits 0 | References 4

CVE
added 2025/07/04 12:0 a.m. | 23 views

CVE-2025-49601

CVE-2025-49601 affects MbedTLS 3.3.0 through 3.6.3 (fixed in 3.6.4). The issue is in mbedtls_lms_import_public_key, which reads a 4-byte type indicator before validating the input size. If the input LMS public-key buffer is truncated to fewer than four bytes, this allows an out-of-bounds read, po...

CVSS 6.5 | AI score 6.5 | EPSS 0.00255
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/07/04 12:0 a.m. | 1 view

libssh Security Vulnerability

libssh is a C development package from the libssh organization for accessing SSH services, which is capable of executing remote commands, file transfers, as well as providing a secure transport channel for remote programs. A security vulnerability exists in libssh that stems from an inconsistent...

CVSS 8.8 | AI score 7.4 | EPSS 0.00246
Exploits 0 | References 6

Positive Technologies
added 2025/05/01 12:0 a.m. | 1 view

PT-2025-18463

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A slab-out-of-bounds issue has been resolved in the Linux kernel's hfs subsystem. The issue was reported by Syzbot and occurred in the hfs_bnode_read_key function. The problem was caused...

CVSS 7.8 | AI score 5.7
Exploits 0

OSV
added 2025/03/26 12:12 p.m. | 14 views

SUSE-SU-2025:1027-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed:
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- ...

CVSS 8.8 | AI score 7.2 | EPSS 0.22214
Exploits 11 | References 983

Microsoft CVE
added 2024/08/16 7:0 a.m. | 2 views

crypto: aead,cipher - zeroize key buffer after use

...

CVSS 4.1 | AI score 7.3 | EPSS 0.00016
Exploits 0

RedhatCVE
added 2024/08/01 9:24 p.m. | 21 views

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1 | AI score 6.3 | EPSS 0.00016
Exploits 0 | References 4

UbuntuCve
added 2024/07/30 8:15 a.m. | 14 views

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 33

OSV
added 2024/07/30 7:47 a.m. | 15 views

CVE-2024-42229 crypto: aead,cipher - zeroize key buffer after use

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1 | AI score 6.4 | EPSS 0.00016
Exploits 0 | References 12

Debian CVE
added 2024/07/30 7:47 a.m. | 16 views

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

CVSS 4.1 | AI score 5.6 | EPSS 0.00016
Exploits 0

CVE
added 2024/07/30 7:47 a.m. | 306 views

CVE-2024-42229

CVE-2024-42229 concerns a Linux kernel cryptography hardening issue in the AEAD/cipher path. The description states that after cryptographic operations, the key buffer must be zeroized, in line with I.G 9.7.B for FIPS 140-3 guidance. The fix involves zeroizing buffers that previously held private...

CVSS 4.1 | AI score 6.6 | EPSS 0.00016
Exploits 0 | References 9 | Affected Software 1

Prion
added 2016/01/19 5:59 a.m. | 16 views

Design/Logic Flaw

Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer...

CVSS 7.5 | AI score 8.1 | EPSS 0.00598
Exploits 1 | References 2 | Affected Software 1