Lucene search
+L

95 matches found

nvd
nvd
added 2026/06/24 12:16 a.m.11 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
cve
cve
added 2026/06/23 11:49 p.m.13 views

CVE-2026-6458

CVE-2026-6458 involves the Caliptra Core Firmware (aes_256_gcm_update module) where a missing cryptographic step in the streaming AES-256-GCM API with empty AAD leads to the hardware GHASH accumulator state not being saved after the first update. As a result, the final GCM authentication tag does...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 11:49 p.m.6 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/23 11:49 p.m.36 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.15 views

PT-2026-51610

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...

5.1CVSS5.7AI score0.00128EPSS
Exploits0References6
susecve
susecve
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References13
nessus
nessus
added 2026/06/10 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty...

4.8CVSS5.8AI score0.0021EPSS
Exploits0References3
osv
osv
added 2026/06/09 4:3 p.m.2 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

4.8CVSS7.3AI score0.0021EPSS
Exploits0References8
vulnersosv
vulnersosv
added 2026/06/08 5:52 p.m.8 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +231 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

5.4CVSS5.7AI score0.0016EPSS
Exploits1
almalinux
almalinux
added 2026/05/19 12:0 a.m.19 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD CVE-2026-23060 kernel: crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 kernel: crypto: afalg - limit...

8.8CVSS7.2AI score0.96267EPSS
Exploits257References10
nessus
nessus
added 2026/05/19 12:0 a.m.21 views

RHEL 9 : kernel (RHSA-2026:19225)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19225 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Servi...

8.8CVSS7.2AI score0.96267EPSS
Exploits257References10
vulnersosv
vulnersosv
added 2026/05/13 1:36 a.m.6 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +234 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:GHSA-R95X-QFJJ-FJJ2...

6.1CVSS5.7AI score0.00203EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/13 1:36 a.m.10 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +170 more potentially affected by CVE-2026-44681 via authlib (>=1.0.0 <=1.6.11)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-44681 Source advisory:...

6.1CVSS5.7AI score0.00203EPSS
Exploits1
nessus
nessus
added 2026/05/07 12:0 a.m.17 views

CentOS 9 : kernel-5.14.0-701.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-701.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - limit RX SG extraction by receive buffer budget Mak...

9.8CVSS6.2AI score0.96267EPSS
Exploits230References6
nessus
nessus
added 2026/05/06 12:0 a.m.10 views

Oracle Linux 10 : kernel (ELSA-2026-13566)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13566 advisory. - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption Vladislav Dronov RHEL-172211 CVE-2026-31431 - crypto: authencesn ...

9.8CVSS6.5AI score0.96267EPSS
Exploits230References5
githubexploit
githubexploit
added 2026/05/05 1:52 p.m.106 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail Toolset This repository contains t...

7.8CVSS7.3AI score0.96267EPSS
Exploits230
vulnersosv
vulnersosv
added 2026/04/24 8:16 p.m.14 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:PYSEC-2026-25...

5.4CVSS5.7AI score0.00106EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/16 10:38 p.m.9 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +167 more potentially affected by CVE-2026-41425 via authlib (>=1.0.0 <=1.6.10)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-41425 Source advisory:...

5.4CVSS5.7AI score0.00106EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/16 10:38 p.m.14 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:GHSA-JJ8C-MMJ3-MMGV...

5.4CVSS5.7AI score0.00106EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/16 8:53 p.m.6 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +225 more potentially affected by CVE-2026-28498 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-28498 Source advisory:...

9.1CVSS7.7AI score0.00226EPSS
Exploits1
Rows per page
Query Builder