Lucene search
K

34 matches found

OSV
OSV
added 2026/01/27 4:16 p.m.6 views

AZL-76128 CVE-2025-69418 affecting package edk2 for versions less than 20230301gitf80f052277c8-47

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS7AI score0.00115EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.5 views

AZL-75272 CVE-2025-69418 affecting package openssl for versions less than 3.3.5-3

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.6AI score0.00115EPSS
Exploits1References1
CVE
CVE
added 2026/01/27 4:1 p.m.47 views

CVE-2025-69418

CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...

4CVSS5.7AI score0.00115EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 4:1 p.m.5 views

CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

5.7AI score0.00115EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/27 4:1 p.m.23 views

CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

0.00115EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/01/27 4:1 p.m.4 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS6.1AI score0.00115EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/27 3:52 p.m.3 views

CVE-2025-69418

A flaw was found in OpenSSL. When applications directly call the low-level CRYPTOocb128encrypt or CRYPTOocb128decrypt functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are...

4CVSS5.8AI score0.00115EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-69418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes c...

4CVSS6.2AI score0.00115EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/27 12:0 a.m.6 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS6.3AI score0.00115EPSS
Exploits1References3
OSV
OSV
added 2026/01/27 12:0 a.m.2 views

UBUNTU-CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.7AI score0.00115EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2026-4948

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1 through 3.6 OpenSSL version 1.0.2 is not affected Description The issue relates to the handling of non-block-aligned input lengths when using the low-level OCB API directly with AES-NI or other hardware-accelerated code...

9.8CVSS5.9AI score0.47621EPSS
Exploits7References107
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0252

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

5CVSS6.7AI score0.0287EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.5 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

7.5CVSS5.7AI score0.01015EPSS
Exploits0References8
Prion
Prion
added 2013/03/12 10:55 p.m.14 views

Input validation

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

5CVSS7AI score0.0287EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder