Lucene search
K

228 matches found

UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.19 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

9.8CVSS5.8AI score0.00502EPSS
Exploits0References9
OSV
OSV
added 2026/05/08 2:16 p.m.10 views

UBUNTU-CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

9.8CVSS5.8AI score0.00502EPSS
Exploits0References21
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:11 p.m.9 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

5.8AI score0.00502EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/05/08 1:11 p.m.35 views

CVE-2026-43304

CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...

9.8CVSS5.8AI score0.00502EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from undefined and forced checks on the maximum length of keys in the libceph library. This...

9.8CVSS6.1AI score0.00502EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 6:31 p.m.5 views

EUVD-2026-23450

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: munge (UTSA-2026-007303)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007303 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in...

7.8CVSS6.4AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.8AI score0.00211EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.3 views

SUSE CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 4:24 a.m.24 views

CVE-2026-32953

Tillitis TKey Client (Go module tkeyclient) versions

4.7CVSS5.9AI score0.00246EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/19 8:46 p.m.5 views

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG via induced transient faults in the Keccak-based expansion process. An attacker can compromise key material and cryptographic outcomes by physically manipulating seed or...

5.7CVSS5.8AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:19 p.m.8 views

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 8:14 p.m.7 views

CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

Amazon Linux 2023 : munge, munge-devel, munge-libs (ALAS2023-2026-1453)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1453 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon...

7.8CVSS6.2AI score0.00302EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/15 12:0 a.m.4 views

FreeBSD : munge -- CWE-787: Out-of-bounds Write (17186409-09d2-11f1-a39c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17186409-09d2-11f1-a39c-b42e991fc52e advisory. https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authenticatio...

7.8CVSS6.3AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 1:15 p.m.10 views

OESA-2026-1348 munge security update

MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...

7.8CVSS6.2AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 6:55 p.m.3 views

CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.7CVSS6.2AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2026/02/10 6:55 p.m.5 views

CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.7CVSS6.3AI score0.00302EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2026/02/10 12:0 a.m.5 views

munge -- CWE-787: Out-of-bounds Write

https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak...

7.8CVSS6.1AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 3:10 p.m.3 views

GHSA-HCP2-X6J4-29J7 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS6.9AI score0.00173EPSS
Exploits0References6
Rows per page
Query Builder