Lucene search

2923 matches found

NVD
added 2026/01/10 1:16 a.m., 4 views

CVE-2026-21899

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVSS 4.9, EPSS 0.00317
Exploits: 1, References: 2

EUVD
added 2026/01/10 12:11 a.m., 3 views

EUVD-2026-1895

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVSS 4.7, AI score 6.3, EPSS 0.00317
Exploits: 1, References: 2

CVE
added 2026/01/10 12:11 a.m., 10 views

CVE-2026-21899

CVE-2026-21899 affects CryptoLib (SDLS-EP) used with cFS ground stations. Prior to v1.4.3, base64urlDecode dereferences input[inputLen-1] before validating inputLen or NULL input, causing an out-of-bounds read at input[-1] when inputLen==0 and potentially a NULL dereference if input==NULL and inp...

CVSS 4.9, AI score 6.5, EPSS 0.00317
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/01/10 12:0 a.m., 3 views

PT-2026-2129

Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3. Description: CryptoLib is a software solution that uses the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. Prior to...

CVSS 4.7, AI score 6.5, EPSS 0.00317
Exploits: 1, References: 7

RedhatCVE
added 2026/01/07 9:29 a.m., 6 views

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

CVSS 7.5, AI score 6.8, EPSS 0.00725
Exploits: 1, References: 1

SUSE Linux
added 2026/01/06 10:31 a.m., 4 views

Security update for qemu

This update for qemu fixes the following issues:
- CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS (bsc#1227397)
- CVE-2025-12464: net: pad packets to minimum length in qemu_receive_packet (bsc#1253002)
- CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket...

CVSS 8.7, AI score 7.1, EPSS 0.00794
Exploits: 0, References: 16

OSV
added 2026/01/06 10:31 a.m., 2 views

SUSE-SU-2026:0039-1 Security update for qemu

This update for qemu fixes the following issues:
- CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS (bsc#1227397)
- CVE-2025-12464: net: pad packets to minimum length in qemu_receive_packet (bsc#1253002)
- CVE-2025-11234: qemu-kvm: Fixed use-after-free in...

CVSS 7.5, AI score 5.9, EPSS 0.00794
Exploits: 0, References: 9

Positive Technologies
added 2026/01/01 12:0 a.m., 1 views

PT-2026-28792

Name of the Vulnerable Software and Affected Versions: OWASP Core Rule Set (CRS) versions prior to 3.3.9 and prior to 4.25.0. Description: The OWASP Core Rule Set (CRS) contains a flaw where whitespace padding in filenames can bypass file upload extension checks. This allows the upload of dangerous file...

CVSS 7.5, AI score 5.7, EPSS 0.00868
Exploits: 0, References: 25

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-25780

Name of the Vulnerable Software and Affected Versions: Authlib versions prior to 1.6.9. Description: Authlib, a Python library for building OAuth and OpenID Connect servers, contains a cryptographic padding oracle vulnerability in the implementation of the JSON Web Encryption (JWE) RSA1_5 key manageme...

CVSS 8.3, AI score 5.8, EPSS 0.00142
Exploits: 1, References: 31

EUVD
added 2025/12/30 7:34 p.m., 2 views

EUVD-2025-205842

YOURLS is vulnerable to XSS through JSONP and Callback request parameters...

AI score 5.9
Exploits: 0, References: 3

OSV
added 2025/12/30 7:34 p.m., 1 views

GHSA-6MP4-Q625-MXJP YOURLS is vulnerable to XSS through JSONP and Callback request parameters

Summary: The callback and jsonp request parameters are directly concatenated into the response without any sanitization, allowing attackers to inject arbitrary JS code. When YOURLS_PRIVATE is set to false (public API mode), this vulnerability can be exploited by any unauthenticated attacker. In...

CVSS 7.1, AI score 6.5
Exploits: 0, References: 3

RedhatCVE
added 2025/12/25 3:20 p.m., 9 views

CVE-2023-54034

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

CVSS 5.5, AI score 5.8, EPSS 0.00145
Exploits: 0, References: 4

SUSE CVE
added 2025/12/25 12:57 a.m., 3 views

SUSE CVE-2023-54034

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

CVSS 5.5, AI score 6.5, EPSS 0.00145
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-54034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, howeve...

AI score 5.4, EPSS 0.00145
Exploits: 0, References: 3

NVD
added 2025/12/24 11:15 a.m., 4 views

CVE-2023-54034

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

EPSS 0.00145
Exploits: 0, References: 2

UbuntuCve
added 2025/12/24 11:15 a.m., 2 views

CVE-2023-54034

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

AI score 5.7, EPSS 0.00145
Exploits: 0, References: 3

OSV
added 2025/12/24 11:15 a.m., 0 views

UBUNTU-CVE-2023-54034

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

AI score 5.7, EPSS 0.00145
Exploits: 0, References: 4

Cvelist
added 2025/12/24 10:56 a.m., 25 views

CVE-2023-54034 iommufd: Make sure to zero vfio_iommu_type1_info before copying to user

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

EPSS 0.00145
Exploits: 0, References: 2

OSV
added 2025/12/24 10:56 a.m., 3 views

CVE-2023-54034 iommufd: Make sure to zero vfio_iommu_type1_info before copying to user

In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfio_iommu_type1_info before copying to user. Missed a zero initialization here. Most of the struct is filled with a copy_from_user, however minsz for that copy is smaller than the actual struct by 8 bytes,...

AI score 6.3, EPSS 0.00145
Exploits: 0, References: 5

Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-52991

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A missing zero initialization exists in the iommufd component of the Linux kernel. Specifically, the vfio_iommu_type1_info structure is not fully initialized to zero before data is copie...

AI score 6.2, EPSS 0.00145
Exploits: 0, References: 4