2654 matches found
CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-8881 CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-8881
CVE-2026-8881 affects the Securly Chrome Extension (version 3.0.7). The crypto uses EVP_BytesToKey with MD5 and a single iteration for AES encryption, relying on an MD5 primitive that has been broken since 2004 and provides no key stretching. This weak derivation reduces the security of protected...
EUVD-2026-34166
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
PT-2026-46049
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...
PT-2026-46052
Version 3.0.7 of the Securly Chrome Extension uses EVP BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-46597)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-46597 advisory. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM pack...
CVE-2026-45787 electerm's encrypt method not safe enough
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...
SUSE CVE-2026-46019
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-45950
A flaw was found in the Linux kernel's starfiveaesaeaddoonereq function within the crypto: starfive component. This vulnerability occurs because memory allocated for rctx-adata is not properly freed if sgcopytobuffer or starfiveaeshwinit operations fail. This can lead to memory leaks, potentially...
CVE-2026-46019
A flaw was found in the Linux kernel's atmel-aes cryptographic driver. The atmelaesbuffcleanup function incorrectly deallocates memory, leading to a memory leak. Specifically, while atmelaesbuffinit allocates four pages of memory, atmelaesbuffcleanup only frees one page, resulting in three pages ...
CVE-2026-46019
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
UBUNTU-CVE-2026-46019
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
EUVD-2026-32400
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-46019
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-46019
CVE-2026-46019 affects the Linux kernel crypto driver for atmel-aes. The issue is a memory‑leak in atmel_aes_buff_cleanup: atmel_aes_buff_init() allocates 4 pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page with free_page(), leaking t...
CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-45950
In the Linux kernel, CVE-2026-45950 concerns a memory leak in crypto: starfive via starfive_aes_aead_do_one_req(). The function kzalloc() allocates rctx->adata but there was no corresponding free on failure paths (sg_copy_to_buffer() or starfive_aes_hw_init()), leading to leaks. The fix adds c...