Lucene search
K

158 matches found

CVE
CVE
added 2025/03/25 7:22 p.m.86 views

CVE-2025-30216

CryptoLib SDLS-EP (NASA cFS) has a heap overflow in Crypto_TM_ProcessSecurity for TM packets. In versions total packet length, memcpy into p_new_dec_frame overflows. Impact: potential arbitrary code execution or system instability. Remediation: patch available at commit 810fd66d592c883125272fef1...

9.4CVSS8.4AI score0.0237EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/19 10:24 p.m.12 views

CVE-2025-29910

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A memory leak vulnerability was identified in the...

7.5CVSS7AI score0.0046EPSS
Exploits1References1
NVD
NVD
added 2025/03/17 11:15 p.m.42 views

CVE-2025-29913

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A critical heap buffer overflow vulnerability was identified in the...

9.8CVSS0.00657EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/17 10:48 p.m.16 views

CVE-2025-29912 CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the...

9.3CVSS8AI score0.01129EPSS
Exploits1References2
NVD
NVD
added 2025/03/17 10:15 p.m.30 views

CVE-2025-29910

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A memory leak vulnerability was identified in the...

7.5CVSS0.0046EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.5 views

CryptoLib 安全漏洞

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib version 1.3.3 and earlier, which originates from a heap buffer overflow and could result in a denial of servi...

9.8CVSS7.9AI score0.00992EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/01/21 12:0 a.m.18 views

EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2025-1120)

According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 o...

9.8CVSS7.4AI score0.0375EPSS
Exploits1References6
NVD
NVD
added 2025/01/14 2:15 p.m.36 views

CVE-2023-46715

An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...

5CVSS0.00913EPSS
Exploits0References1
OSV
OSV
added 2024/08/29 12:15 a.m.1 views

DEBIAN-CVE-2024-8250

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References1
OSV
OSV
added 2024/06/07 5:4 p.m.8 views

CGA-P7V4-67C5-9XQG

Bulletin has no description...

5.5CVSS6.3AI score0.00446EPSS
Exploits0
OSV
OSV
added 2024/06/07 1:5 p.m.7 views

CGA-RQ75-RW2X-5W4H

Bulletin has no description...

5.5CVSS6.3AI score0.00446EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/10 3:33 p.m.52 views

Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...

8.2CVSS7AI score0.00734EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2024/04/08 2:15 p.m.8 views

AZL-42765 CVE-2024-2511 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...

5.9CVSS6.6AI score0.54026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.3 views

PT-2024-2564 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure versions 9.x through 22.x Description: A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure allows an unauthenticated...

9.8CVSS7.1AI score0.18987EPSS
Exploits0References50
OSV
OSV
added 2023/10/20 3:39 p.m.7 views

CLSA-2023-1697816385 curl: Fix of 2 CVEs

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...

8.8CVSS6.8AI score0.02596EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2023/10/11 12:0 a.m.8 views

The vulnerability of the Mbed TLS software lies in errors during encryption processing in DTLS connections, allowing attackers to execute arbitrary code.

The vulnerability of the Mbed TLS software is related to errors in encryption processing in DTLS connections when using zero-key encryption or RC4 encryption. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.00783EPSS
Exploits0References5Affected Software3
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.48 views

Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS7AI score0.95302EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2023/06/05 5:0 p.m.19 views

Play ransomware gang compromises Spanish bank, threatens to leak files

Ransomware is creating additional work for a major Spanish bank. Globalcaja, said to have more than 300 offices in Spain and close to half a million customers, has fallen victim to the Play ransomware gang. The gang claim to have swiped both private and personal information in the attack--includi...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the 1 BGP, 2 WTP, 3 DNS, 4 802.11, 5 ISAKMP, 6 WSP, 7 CLNP, 8 ISIS, and 9 RMI dissectors...

10CVSS6.9AI score0.02261EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.2 views

SUSE CVE-2010-0161

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service heap memory corruption and applicatio...

4.3CVSS8.2AI score0.0167EPSS
Exploits1References5
Rows per page
Query Builder