Lucene search
K

549 matches found

Debian CVE
Debian CVE
added 2024/11/19 1:30 a.m.10 views

CVE-2024-50281

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait for the AEAD cipher operation to finish and simply return after submitting the request. If there is...

5.5CVSS5.6AI score0.00173EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.8 views

kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...

5.5CVSS6.4AI score0.00286EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/08 12:0 a.m.5 views

The vulnerability of the tipc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the tipc component in the Linux operating system’s kernel is related to the assignment of the NULL pointer in the tipcaeadinit function. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.9AI score0.00222EPSS
Exploits0References14Affected Software4
RedhatCVE
RedhatCVE
added 2024/10/22 12:13 p.m.14 views

CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

6.7CVSS6.7AI score0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/21 7:39 p.m.13 views

CVE-2024-50047 smb: client: fix UAF in async decryption

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

6.7AI score0.00231EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/21 7:39 p.m.33 views

CVE-2024-50047 smb: client: fix UAF in async decryption

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

0.00231EPSS
Exploits0References6
OSV
OSV
added 2024/10/21 1:45 p.m.11 views

CLSA-2024-1729518310 Fix of 15 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-38632 - vfio/pci: fix potential memory leak in vfiointxenable CVE-url: https://ubuntu.com/security/CVE-2024-46840 - btrfs: clean up our handling of refs == 0 in snapshot delete CVE-url: https://ubuntu.com/security/CVE-2024-44954 - ALSA: line6: Fix rac...

7.8CVSS6.9AI score0.00275EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/08/06 1:58 a.m.4 views

SUSE CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

4.1CVSS6.5AI score0.00228EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2024/07/30 7:47 a.m.17 views

CVE-2024-42229

In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...

4.1CVSS5.6AI score0.00228EPSS
Exploits0
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from crypto:aead, a buffer in the cipher module that should be cleared and freed from previously held private keys using kfreesensitive...

4.1CVSS6.6AI score0.00228EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/07/08 12:0 a.m.29 views

Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)

The version of Tenable.ad installed on the remote host is prior to 3.59.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-11 advisory. - The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...

8.6CVSS7.7AI score0.87211EPSS
Exploits11References24
SUSE CVE
SUSE CVE
added 2024/05/29 2:36 a.m.8 views

SUSE CVE-2023-52813

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...

5.5CVSS6.5AI score0.00286EPSS
Exploits0References11
OSV
OSV
added 2024/05/21 4:15 p.m.6 views

DEBIAN-CVE-2023-52813

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATARESET We found a hungtask bug in testaeadveccfg as follows: INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 /proc/sys/kernel/hungtasktimeoutsecs" disables this...

5.5CVSS5.7AI score0.00286EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.42 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3255)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications...

7.8CVSS6.9AI score0.00862EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2024/01/11 5:22 p.m.42 views

K000138198: OpenSSL vulnerability CVE-2023-6129

Security Advisory Description Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influenc...

6.5CVSS7.1AI score0.02323EPSS
Exploits0
Prion
Prion
added 2024/01/09 5:15 p.m.44 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

4CVSS7.5AI score0.02323EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/01/09 4:36 p.m.32 views

CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

7.2AI score0.02323EPSS
Exploits0References4
CVE
CVE
added 2024/01/09 4:36 p.m.316 views

CVE-2023-6129

CVE-2023-6129: OpenSSL POLY1305 MAC bug on PowerPC (PowerISA 2.07) can corrupt vector registers/state when POLY1305 is used, potentially affecting TLS deployments. Impact ranges from no observable issues to application crashes or takeover, per advisories. Affected platforms are PowerPC CPUs with ...

6.5CVSS6.8AI score0.02323EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2024/01/09 4:36 p.m.36 views

CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS7AI score0.02323EPSS
Exploits0References15
Debian CVE
Debian CVE
added 2024/01/09 4:36 p.m.85 views

CVE-2023-6129

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS7.8AI score0.02323EPSS
Exploits0
Rows per page
Query Builder