Lucene search
K

532 matches found

vulnersOsv
vulnersOsv
added 2026/03/04 12:0 p.m.7 views

libcrux-aead (>=0.0.4 <=0.0.7-rc.1) potentially affected by unknown CVE via libcrux-poly1305 (>=0.0.4 <=0.0.5-rc.1)

libcrux-poly1305 CARGO version =0.0.4, =0.0.4, =0.0.7-rc.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0073...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/03/04 12:0 p.m.10 views

Panic in Standalone MAC Operations

An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/03/04 12:0 p.m.7 views

RUSTSEC-2026-0073 Panic in Standalone MAC Operations

An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...

8.7CVSS5.8AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.5 views

ChaCha20‑Poly1305 AEAD Production Decryptor

This C implementation provides a secure ChaCha20‑Poly1305 decryption function fully compliant with RFC 8439...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component...

6.3CVSS5.2AI score0.00218EPSS
Exploits1References3
NVD
NVD
added 2026/02/23 4:16 a.m.8 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS0.00218EPSS
Exploits1References5
OSV
OSV
added 2026/02/23 4:16 a.m.14 views

UBUNTU-CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS5.1AI score0.00218EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/23 3:2 a.m.7 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.5AI score0.00218EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/23 3:2 a.m.6 views

CVE-2026-2968 Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS5.2AI score0.00218EPSS
Exploits1References7
CVE
CVE
added 2026/02/23 3:2 a.m.23 views

CVE-2026-2968

Cesanta Mongoose up to 7.20 is affected in mg_chacha20_poly1305_decrypt (tls_chacha20.c, Poly1305 Authentication Tag Handler). The issue is improper verification of the cryptographic signature, with a remote attack vector. Descriptions indicate high complexity for exploitation and that the exploi...

6.3CVSS4.5AI score0.00218EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/23 3:2 a.m.3 views

CVE-2026-2968 Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.3AI score0.00218EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/23 3:2 a.m.34 views

CVE-2026-2968 Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS0.00218EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/02/23 3:2 a.m.6 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.2AI score0.00218EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.15 views

PT-2026-21495

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg chacha20 poly1305 decrypt of the file /src/tls chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.9AI score0.00218EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.10 views

Cesanta Mongoose 数据伪造问题漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose prior to 7.20 contained a data manipulation vulnerability. This...

6.3CVSS5.7AI score0.00218EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/02/23 12:0 a.m.7 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS5.4AI score0.00218EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : openssl-3.0.7-27.el9.ML.1 (AXSA:2024-7908:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7908:04 advisory. openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 openssl: Excessive time...

6.5CVSS6.9AI score0.05533EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : edk2-20240524-6.el9 (AXSA:2024-9428:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9428:12 advisory. mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent checking invalid RSA...

6.5CVSS6.5AI score0.03174EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

RHEL 10 : libssh (RHSA-2026:0427)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0427 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

8.1CVSS7.4AI score0.0144EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

RHEL 9 : libssh (RHSA-2026:0430)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0430 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

8.1CVSS7.4AI score0.0144EPSS
Exploits0References5
Rows per page
Query Builder