Lucene search
K

445 matches found

The Hacker News
The Hacker News
added yesterday10 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

3.8CVSS6.2AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-21383

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security...

7.1CVSS0.00069EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:9 p.m.12 views

CVE-2026-21383

CVE-2026-21383 describes a cryptographic issue in which AES-GCM key wrapping uses a static initialization vector (IV). The static IV conflicts with the requirement for a unique IV per operation, which can undermine confidentiality and integrity. The CVSS 3.1 metrics provided indicate a high impac...

7.1CVSS6AI score0.00069EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/07/06 7:35 p.m.6 views

CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0
OSV
OSV
added 2026/07/06 6:28 a.m.5 views

OESA-2026-2860 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2859 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2858 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-55967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wra...

7.5CVSS6AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-57062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes bu...

9.1CVSS7AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 11:6 a.m.3 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 6:16 p.m.5 views

UBUNTU-CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 4:53 p.m.5 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS5.8AI score0.00114EPSS
Exploits0
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

2.9CVSS0.0011EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 5:26 p.m.4 views

CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

2.9CVSS5.8AI score0.0011EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 5:26 p.m.7 views

EUVD-2026-38550

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

9.1CVSS5.8AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder