Lucene search
K

28 matches found

Tenable Nessus
Tenable Nessus
added yesterday4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility...

7.5CVSS5.8AI score0.00147EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.14 views

openssl: AES-OCB IV Ignored on EVP_Cipher() Path

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

7.5CVSS5.5AI score0.0032EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.8 views

openssl: AES-OCB IV Ignored on EVP_Cipher() Path

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

7.5CVSS5.5AI score0.0032EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.13 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.7AI score0.0021EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.229 views

CVE-2026-45445

CVE-2026-45445 describes a vulnerability in AES-OCB when using OpenSSL EVP_Cipher() in one-shot mode: the application-supplied IV is ignored, causing every encrypted message under the same key to use the same effective nonce. This leads to key/nonce reuse and potential confidentiality loss, and, ...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:6 a.m.3 views

CVE-2026-5477

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if cmac-totalSz != 0 to skip XOR-chaining on the first block where digest is all-zeros and the XOR is a no-op. However, totalSz is word32 and wrap...

8.2CVSS5.9AI score0.0042EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 9:16 a.m.4 views

CVE-2026-29144

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

7.8CVSS0.00212EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 8:50 a.m.3 views

CVE-2026-29144

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...

7.8CVSS5.9AI score0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 8:34 a.m.4 views

CVE-2026-29141 Bounded Subject Tag Sanitization

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as signed OK...

7.7CVSS5.9AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers to bypass subject cleanup and forge tags...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 9:5 a.m.2 views

BIT-CEPH-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...

6.8CVSS6.8AI score0.01373EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 8:44 p.m.4 views

EUVD-2026-12099

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption...

8.2CVSS5.8AI score0.00148EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nov json-jwt version = 0.5.0 && = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM...

5.3CVSS5.6AI score0.00777EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.19 views

RHEL 7 : python-cryptography (RHSA-2018:3600)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3600 advisory. The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and...

7.5CVSS6.8AI score0.02605EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.12 views

SUSE: Security Advisory (SUSE-SU-2020:0790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02605EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2020/09/30 5:27 p.m.1 views

ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions

A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious...

6.8CVSS5.8AI score0.01373EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/03/26 12:0 a.m.35 views

SUSE SLES12 Security Update : python-cffi, python-cryptography, python-xattr (SUSE-SU-2020:0790-1)

This update for python-cffi, python-cryptography and python-xattr fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalizewithtag API bsc1101820. Non-security issues fixed : python-cffi was updated to 1.11.2 bsc1138748, jscECO-1256,...

7.5CVSS7.2AI score0.02605EPSS
Exploits0References10
OSV
OSV
added 2020/03/25 2:14 p.m.4 views

SUSE-SU-2020:0792-1 Security update for python-cffi, python-cryptography

This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalizewithtag API bsc1101820. Non-security issues fixed: python-cffi was updated to 1.11.2 bsc1138748, jscECO-1256, jscPM-1598: - fixed...

7.5CVSS7.5AI score0.02605EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2018/11/13 10:13 p.m.5 views

python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API

A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...

7.5CVSS5.8AI score0.02605EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/11/13 10:13 p.m.448 views

Moderate: Red Hat Security Advisory: python-cryptography security update

An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.5CVSS6.7AI score0.02605EPSS
Exploits0References2
Rows per page
Query Builder