Lucene search
K

265 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 8:30 p.m.12 views

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29086

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/08 9:29 p.m.15 views

CVE-2026-43384

A flaw was found in the Linux kernel's TCP Authentication Option TCP-AO implementation. This vulnerability arises from a non-constant-time comparison of Message Authentication Codes MACs. A remote attacker could potentially exploit this timing discrepancy to perform a timing attack, which may lea...

9.8CVSS5.8AI score0.00457EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 9:24 p.m.13 views

CVE-2026-43383

A flaw was found in the Linux kernel's TCP MD5 signature option. This vulnerability allows a remote attacker to perform timing attacks due to a non-constant-time comparison of Message Authentication Codes MACs. By observing the time taken for MAC comparisons, an attacker could potentially infer...

9.4CVSS5.8AI score0.00443EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.11 views

EUVD-2026-28689

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

5.7AI score0.00443EPSS
Exploits0References8
NVD
NVD
added 2026/05/08 3:16 p.m.11 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS0.00457EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.12 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.11 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References6
OSV
OSV
added 2026/05/08 3:16 p.m.7 views

UBUNTU-CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0
CVE
CVE
added 2026/05/08 2:21 p.m.41 views

CVE-2026-43383

CVE-2026-43383 affects the Linux kernel’s TCP MD5 signature handling. The root cause is a non-constant-time MAC comparison, enabling potential timing attacks. The vulnerability is addressed by changing the MAC comparison to a constant-time implementation using the appropriate helper function. The...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.9 views

PT-2026-39045

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A timing attack issue exists in the TCP Authentication Option TCP-AO implementation. The Message Authentication Code MAC comparison was not performed in constant-time, which could allow ...

9.8CVSS5.8AI score0.00457EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of a non-constant time for the MAC comparison of tcp-md5, potentially leading to timing attacks...

9.4CVSS5.8AI score0.00443EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-39044

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A timing attack is possible because Message Authentication Codes MACs are not compared in constant time. This allows an attacker to potentially deduce information by measuring the time t...

9.4CVSS5.8AI score0.00443EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the MAC comparison in tcp-ao does not use a constant time, potentially leading to timing...

9.8CVSS5.8AI score0.00457EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 8:16 p.m.11 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

4.7CVSS0.00108EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.6 views

Libgcrypt 1.12.2

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011046 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared ...

5.6AI score0.00175EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013091)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013091 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared ...

5.6AI score0.00175EPSS
Exploits0References4
Rows per page
Query Builder