11336 matches found
CVE-2026-57062
CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
UBUNTU-CVE-2026-57062
CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
CVE-2026-57062
CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
CVE-2026-57062
CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
CVE-2026-57062
CVE-2026-57062: The CMS parsing in GnuPG’s gpgsm (up to version 2.5.20) mishandles AES-GCM when processing CMS structures, accepting an aes-ICVlen of 4 bytes instead of the required 12. This is a component/format handling flaw in GnuPG’s CMS implementation. The CVE record cites a related issue (C...
PT-2026-51574
Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.5.21 Description CMS Cryptographic Message Syntax parsing in gpgsm mishandles the CMS format for AES-GCM. The issue occurs because the aes-ICVlen is accepted as 4 bytes, whereas it is supposed to be 12 bytes...
Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
USN-8462-1: Linux kernel (Oracle) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
USN-8462-1 linux-oracle-5.15 vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
CVE-2026-8636
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
CVE-2026-8636 Multiple Vulnerabilities in IBM Datacap
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
EUVD-2026-38283
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
CVE-2026-8636
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
CVE-2026-8636
CVE-2026-8636 affects IBM Datacap (versions 9.1.7–9.1.9) and Datacap Navigator (9.1.7–9.1.9). The vulnerability allows an attacker to retrieve user passwords and cryptographic keys from memory, enabling use of those keys to decrypt passwords, gain access to the application, and access sensitive d...
Security Bulletin: Multiple Vulnerabilities in Hyper-Converged Database 1.2
Summary Multiple vulnerabilities were addressed in Hyper-Converged Database version 1.2.6 Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the...
A Critical Deadline Is Approaching for Windows and Linux Security
The cryptographic keys that secure your computer’s boot sequence will start to expire on June 24. Here’s what that means for you...
Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager
Summary Multiple vulnerabilities in the third-party Bouncy Castle libraries used by IBM Tivoli Netcool Configuration Manager have been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle In...
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2026:2403-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2403-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8441-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8441-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
Astra Linux – Vulnerability in Munge
MUNGE is an authentication service for creating and validating user credentials. From version 0.5 to 0.5.17, local attackers could exploit a buffer overflow vulnerability in MUNGE the authentication daemon to leak cryptographic key material from process memory. With the leaked key material,...