Lucene search
+L

275 matches found

OSV
OSV
added 5 days ago5 views

PYSEC-2026-2528 joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...

8.7CVSS6.1AI score
Exploits0References7
CVE
CVE
added 2026/07/06 7:35 p.m.16 views

CVE-2026-53763

OP-TEE core AES-GCM is vulnerable to a 32-bit integer overflow in its length counters, affecting the authentication tag after processing more than 512 MB of payload or AAD. Affected versions are 3.0.0 up to, but not including, 4.11.0; the issue is resolved in version 4.11.0 with a patch. No publi...

3.8CVSS6AI score0.00149EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/26 8:50 p.m.18 views

CVE-2026-55069

Kestra OSS (BasicAuth) stores administrator password with SHA-512; if an attacker gains read access to PostgreSQL, offline brute-force can recover the password. In Kubernetes, cracked credentials may enable reading ServiceAccount Tokens and all K8s Secrets, enabling vertical privilege escalation....

8.7CVSS5.8AI score0.00158EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 1:25 p.m.33 views

CVE-2026-54417 Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 11:7 p.m.3 views

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...

6.5CVSS6.3AI score0.00399EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openssl1.0

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.5AI score0.14298EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28631

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults are caused by the kernel...

5.8AI score0.00335EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 2:16 p.m.17 views

UBUNTU-CVE-2026-43347

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults are caused by the kernel...

7.5CVSS5.7AI score0.00335EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/08 9:31 a.m.15 views

EUVD-2026-28534

A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 6:33 p.m.16 views

JLSEC-2026-216 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with...

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.3AI score0.14298EPSS
Exploits0References37
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.17 views

zserio 输入验证错误漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a vulnerability related to input validation errors. This vulnerability occurred due to the setBitPosition boundary check in the...

7.5CVSS6AI score0.00328EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/10 9:36 a.m.7 views

CVE-2026-28386

A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service DoS. This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequen...

9.1CVSS5.8AI score0.00313EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 8:50 a.m.3 views

openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128

A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service DoS. This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequen...

9.1CVSS6.9AI score0.00313EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/07 10:0 p.m.8 views

CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

9.1CVSS5.6AI score0.00313EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 10:0 p.m.34 views

CVE-2026-28386 Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

0.00313EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 10:0 p.m.35 views

CVE-2026-28386

The CVE CVE-2026-28386 affects OpenSSL’s FIPS module (version 3.6) on x86-64 systems with AVX-512 and VAES. A partial-block processing path in AES-CFB-128 can trigger an out-of-bounds read of up to 15 bytes when the input buffer sits at a page boundary and the next page is unmapped, potentially c...

9.1CVSS6AI score0.00313EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/07 12:0 a.m.5 views

CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

9.1CVSS6AI score0.00313EPSS
Exploits0References2
NVD
NVD
added 2026/03/23 4:16 p.m.5 views

CVE-2026-33488

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

8.1CVSS0.00251EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 3:23 p.m.11 views

CVE-2026-33488

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

7.4CVSS5.7AI score0.00251EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/23 3:23 p.m.28 views

CVE-2026-33488 AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

7.4CVSS0.00251EPSS
Exploits1References2
Rows per page
Query Builder