Lucene search
K

13 matches found

NVD
NVD
added 2026/06/24 12:16 a.m.8 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 11:49 p.m.9 views

CVE-2026-6458

CVE-2026-6458 involves the Caliptra Core Firmware (aes_256_gcm_update module) where a missing cryptographic step in the streaming AES-256-GCM API with empty AAD leads to the hardware GHASH accumulator state not being saved after the first update. As a result, the final GCM authentication tag does...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/05/23 11:58 p.m.17 views

MAL-2026-4576 Malicious code in hardhat-gas-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71b0b8dd866d9c1f4516f4e537a2d61ea3cbe87f06b0195a24c0dea76fef44c0 This package typosquats the widely-used hardhat-gas-reporter Hardhat plugin matching its cache filename .hardhatgasreporteroutput.json and replicatin...

5.9AI score
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-4212

Malware in sbrugna...

7.5CVSS7.5AI score0.00663EPSS
Exploits0References2
Kitploit
Kitploit
added 2022/05/16 12:30 p.m.57 views

Chlonium - Chromium Cookie Import / Export Tool

Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM, with a state key which is stored in the Local State file. This state key is encrypted using DPAPI. This is a change from older versions, which used DPAPI to...

6.9AI score
Exploits0References6
Kitploit
Kitploit
added 2022/03/03 8:30 p.m.27 views

Chaya - Advance Image Steganography

Chaya protects your privacy through steganography, cryptography and compression. It effectively encrypts your payloads using AES-256-GCM cryptography, embeds them using LSB-LPS steganography technique into images and compresses them using FLIF to evade detection by performing lossless compression...

7.8AI score
Exploits0References5
Kitploit
Kitploit
added 2021/11/15 8:30 p.m.369 views

EXOCET - AV-evading, Undetectable, Payload Delivery Tool

EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode Galois/Counter Mode. Metasploit's Evasion Payloads uses a easy to detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware. However, i...

7.5AI score
Exploits0References7
Schneier on Security
Schneier on Security
added 2020/04/30 3:24 p.m.30 views

Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer...

7.2AI score
Exploits0
NVD
NVD
added 2020/04/17 5:15 a.m.24 views

CVE-2020-11872

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

7.5CVSS7.5AI score0.00663EPSS
Exploits0References1
Prion
Prion
added 2020/04/17 5:15 a.m.8 views

Session fixation

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

5CVSS7.5AI score0.00663EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/17 4:24 a.m.91 views

CVE-2020-11872

The CVE-2020-11872 entry concerns the Cloud Functions subsystem in OpenTrace 1.0. The vulnerability arises from fabrications possible by issuing billions of TempID requests before an AES-256-GCM key rotation, as described in the provided documents. The connected records consistently reference the...

7.5CVSS7.5AI score0.00663EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/17 4:24 a.m.23 views

CVE-2020-11872

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

7.6AI score0.00663EPSS
Exploits0References1
exploitpack
exploitpack
added 2017/01/26 12:0 a.m.57 views

OpenSSL 1.1.0 - Remote Client Denial of Service

OpenSSL 1.1.0 - Remote Client Denial of Service // Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/ / SSL server demonstration program Copyright C 2006-2015, ARM Limited, All Rights Reserved...

5CVSS7.8AI score0.55294EPSS
Exploits5
Rows per page
Query Builder