USN-8101-1: Vim vulnerabilities

Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. CVE-2026-25749 It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use thi...

PT-2026-6575

Name of the Vulnerable Software and Affected Versions Nsauditor Product Key Explorer version 4.2.2.0 Description The application can be crashed by a local attacker inputting a specially crafted registration key. A payload of 1000 bytes of repeated characters, when pasted into the 'Key' input fiel...

Important: libxml2

Issue Overview: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the...

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0124)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns durin...

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to enhance their privileges.

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to an error in processing authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

DEBIAN-CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

The vulnerability of Hikvision’s IP cameras’ microprogramming software lies in the fact that the operation value escapes the buffer in memory when processing the PrivateKey parameter. This allows a intruder to trigger a service failure.

The vulnerability of Hikvision’s IP cameras’ microprogramming software is related to the issue where the operation data escapes from the buffer into memory when processing the PrivateKey parameter. Exploiting this vulnerability can allow a remote attacker to cause a service failure by sending a...

ROS-20250110-14

Vulnerability of ServerConfig.PublicKeyCallback function of the library for Go crypto programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...

ROS-20241220-04

Vulnerability of ServerConfig.PublicKeyCallback function of the library for Go crypto programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...

Oracle Linux 9 : openssl (ELSA-2024-12093)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12093 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...

AlmaLinux 9 : openssl (ALSA-2024:0310)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0310 advisory. - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during...

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

OpenSSL Incorrect Cipher Key & IV Length Processing Vulnerability (20231024) - Linux

OpenSSL is prone to an incorrect processing of key and initialisation vector IV lengths vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

The vulnerability of TP-Link T2600G-28SQ switch’s microprogramming software, related to errors in managing registration data, allows a intruder to gain unauthorized access to protected information.

The vulnerability of TP-Link T2600G-28SQ switch’s microprogramming software is related to errors in managing registration data when processing SSH keys. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

ISC BIND DoS Vulnerability (CVE-2022-2906) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVE-2022-2906

A flaw was found in the Bind package, where a flaw in ‘named’ can cause a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. This flaw allows an attacker to gradually erode available memory to the point where ‘named’ crashes d...

The vulnerability of the encryption algorithm implementation according to GOST 34.12 in the CTR_OMAC library, which is used in the implementation of the OpenSSL protocol, allows a perpetrator to trigger buffer overflows, provided that the server uses 512-bit secret keys.

The vulnerability of the encryption algorithm implementation according to GOST 34.12 for the CTROMAC library, used in the implementation of the OpenSSL protocol, is related to errors in processing the encryption key for the BLOB object a large binary object in the...

The vulnerability of the xAPI microprogramming software component of the Cisco TelePresence Collaboration Endpoint (CE) conference call control device and the Cisco RoomOS operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the xAPI microprogramming software components of the Cisco TelePresence Collaboration Endpoint conference call management device and the Cisco RoomOS operating system is related to an error in the processing of authentication keys controlled by users. Exploiting this...