Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-43362 | 1 Linux | 1 Linux Kernel | 2026-05-09 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq() pointer-shares rq_iov, so crypt_message() encrypts iov[1] in-place, replacing the original plaintext with ciphertext. On a replayable error, the retry sends the same iov[1] which now contains ciphertext instead of the original data, resulting in corruption. The corruption is most likely to be observed when connections are unstable, as reconnects trigger write retries that re-send the already-encrypted data. This affects SFU mknod, MF symlinks, etc. On kernels before 6.10 (prior to the netfs conversion), sync writes also used this path and were similarly affected. The async write path wasn't unaffected as it uses rq_iter which gets deep-copied. Fix by moving the write payload into rq_iter via iov_iter_kvec(), so smb3_init_transform_rq() deep-copies it before encryption. | ||||
| CVE-2025-5323 | 2026-04-15 | 3.7 Low | ||
| A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-41351 | 1 Funambol | 1 Funambol | 2026-04-15 | N/A |
| Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs. | ||||
| CVE-2024-36279 | 2026-04-15 | 5.3 Medium | ||
| Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack. | ||||
| CVE-2024-10772 | 1 Sick | 2 Inspector61x Firmware, Inspector62x Firmware | 2026-04-15 | 8.8 High |
| Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device. | ||||
| CVE-2019-3730 | 1 Dell | 1 Bsafe Micro-edition-suite | 2024-11-21 | 7.5 High |
| RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | ||||
| CVE-2010-3300 | 1 Owasp | 1 Enterprise Security Api For Java | 2024-11-21 | 5.9 Medium |
| It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | ||||
Page 1 of 1.