Lucene search
K

261 matches found

Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-21383 Reusing a Nonce, Key Pair in Encryption in HLOS

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security...

7.1CVSS0.00069EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-21383

CVE-2026-21383 describes a cryptographic issue in which AES-GCM key wrapping uses a static initialization vector (IV). The static IV conflicts with the requirement for a unique IV per operation, which can undermine confidentiality and integrity. The CVSS 3.1 metrics provided indicate a high impac...

7.1CVSS6AI score0.00069EPSS
Exploits0References1Affected Software1
OSV
OSV
added 6 days ago3 views

OESA-2026-2875 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is...

7.5CVSS7.2AI score0.0032EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.33 views

CVE-2026-59099 Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS0.00356EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 7:42 p.m.26 views

CVE-2026-59099

Apereo CAS: vulnerability in 7.3.0 prior to 8.0.0-RC6 due to AES-GCM IV reuse across server lifetime, enabling remote unauthenticated attackers to recover plaintext webflow conversation state by known-plaintext analysis on multiple client-side webflow tokens collected from the unauthenticated log...

9.3CVSS6AI score0.00356EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40449

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-56369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploi...

6.3CVSS6AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-56369

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56369

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images...

6.3CVSS0.00229EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56369

Removed by vendor...

6.3CVSS5.9AI score0.00229EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:8 p.m.12 views

CVE-2026-56369

CVE-2026-56369 concerns ImageMagick prior to 7.1.2-22, where an information-disclosure vulnerability arises in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers could potentially recover plaintext from encrypted images because the nonce is reused in the CTR mode. The available...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.32 views

CVE-2026-56369 ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images...

6.3CVSS0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/22 2:7 p.m.10 views

CVE-2026-12205

A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm DSA cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/16 12:34 a.m.12 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.13 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 9:57 p.m.49 views

CVE-2026-12205 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

0.00289EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 9:57 p.m.22 views

CVE-2026-12205

Crypt::DSA for Perl versions before 1.21 reuse the per-signature nonce across signatures because the sign() function caches nonce data in the Key object and does not clear it. The first sign() selects a nonce and later signs reuse that nonce, producing identical r values, enabling potential priva...

9.1CVSS5.2AI score0.00289EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/15 9:57 p.m.11 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS5.3AI score0.00289EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-12205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49531

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...

5.3AI score0.00289EPSS
Exploits0References5
Rows per page
Query Builder