158 matches found
CVE-2025-30216
CryptoLib SDLS-EP (NASA cFS) has a heap overflow in Crypto_TM_ProcessSecurity for TM packets. In versions total packet length, memcpy into p_new_dec_frame overflows. Impact: potential arbitrary code execution or system instability. Remediation: patch available at commit 810fd66d592c883125272fef1...
CVE-2025-29910
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A memory leak vulnerability was identified in the...
CVE-2025-29913
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A critical heap buffer overflow vulnerability was identified in the...
CVE-2025-29912 CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the...
CVE-2025-29910
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A memory leak vulnerability was identified in the...
CryptoLib 安全漏洞
CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib version 1.3.3 and earlier, which originates from a heap buffer overflow and could result in a denial of servi...
EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2025-1120)
According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 o...
CVE-2023-46715
An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...
DEBIAN-CVE-2024-8250
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file...
CGA-P7V4-67C5-9XQG
Bulletin has no description...
CGA-RQ75-RW2X-5W4H
Bulletin has no description...
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...
AZL-42765 CVE-2024-2511 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...
PT-2024-2564 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure versions 9.x through 22.x Description: A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure allows an unauthenticated...
CLSA-2023-1697816385 curl: Fix of 2 CVEs
CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...
The vulnerability of the Mbed TLS software lies in errors during encryption processing in DTLS connections, allowing attackers to execute arbitrary code.
The vulnerability of the Mbed TLS software is related to errors in encryption processing in DTLS connections when using zero-key encryption or RC4 encryption. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
Play ransomware gang compromises Spanish bank, threatens to leak files
Ransomware is creating additional work for a major Spanish bank. Globalcaja, said to have more than 300 offices in Spain and close to half a million customers, has fallen victim to the Play ransomware gang. The gang claim to have swiped both private and personal information in the attack--includi...
SUSE CVE-2003-0432
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the 1 BGP, 2 WTP, 3 DNS, 4 802.11, 5 ISAKMP, 6 WSP, 7 CLNP, 8 ISIS, and 9 RMI dissectors...
SUSE CVE-2010-0161
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service heap memory corruption and applicatio...