Lucene search
K

94 matches found

Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.6 views

PT-2024-20728 · Renesas · Renesas Smartbond

Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without...

9.8CVSS7.1AI score0.00412EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/07/10 12:0 a.m.8 views

CVE-2024-25077

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...

7AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2024/04/04 9:15 a.m.3 views

DEBIAN-CVE-2024-26789

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

7.1CVSS6AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2024/04/04 9:15 a.m.21 views

CVE-2024-26789

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

7.1CVSS7.8AI score0.00226EPSS
Exploits0References4
OSV
OSV
added 2024/04/04 9:15 a.m.5 views

UBUNTU-CVE-2024-26789

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

7.1CVSS6.8AI score0.00226EPSS
Exploits0References11
OSV
OSV
added 2024/04/04 8:20 a.m.5 views

CVE-2024-26789 crypto: arm64/neonbs - fix out-of-bounds access on short input

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

7.1CVSS6AI score0.00226EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/04/04 8:20 a.m.13 views

CVE-2024-26789 crypto: arm64/neonbs - fix out-of-bounds access on short input

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

7.1AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/04 8:20 a.m.21 views

CVE-2024-26789 crypto: arm64/neonbs - fix out-of-bounds access on short input

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

8AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2024/04/04 8:20 a.m.89 views

CVE-2024-26789

CVE-2024-26789 concerns the Linux kernel crypto path for ARM64 AES-CTR. The bit-sliced NEON implementation could perform out-of-bounds reads when processing short inputs or tail blocks that do not align to 128-byte blocks, because it would jump into the plain NEON helper which handles memory in 1...

7.1CVSS6.4AI score0.00226EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2024/04/04 12:0 a.m.29 views

CVE-2024-26789

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than...

7.1CVSS6.5AI score0.00226EPSS
Exploits0References10
OSV
OSV
added 2024/03/06 11:2 a.m.24 views

BIT-MEDIAWIKI-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5.3CVSS5.3AI score0.00389EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.4 views

kernel: crypto: qat - fix out-of-bounds read

An out-of-bounds read vulnerability was found in the Linux kernel's Intel QAT QuickAssist Technology crypto driver. When preparing an AES-CTR encryption request on QAT GEN4 devices, the driver rounds up the key size by 16 bytes before copying. If this rounding occurs before the memcpy operation,...

5.7AI score0.00171EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.21 views

F5 Networks BIG-IP : libssh vulnerability (K05295501)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K05295501 advisory. - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if...

5.3CVSS7AI score0.03065EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:26 p.m.32 views

K05295501: libssh vulnerability CVE-2020-1730

Security Advisory Description A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when...

5.3CVSS6.4AI score0.03065EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/01/20 6:15 p.m.28 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5.3CVSS5.2AI score0.00389EPSS
Exploits1References1
Prion
Prion
added 2023/01/20 6:15 p.m.28 views

Code injection

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5CVSS5.3AI score0.00389EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/01/20 12:0 a.m.72 views

CVE-2023-22912

CVE-2023-22912 affects MediaWiki releases prior to 1.35.9, 1.36.x up to 1.38.x before 1.38.5, and 1.39.x before 1.39.1. The CheckUser TokenManager uses AES-CTR with a repeated nonce, enabling an adversary to decrypt data. Impact is confidentiality of tokens, with network-based exposure and no exp...

5.3CVSS5.1AI score0.00389EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/20 12:0 a.m.22 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5.3CVSS5.3AI score0.00389EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/01/20 12:0 a.m.28 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5.6AI score0.00389EPSS
Exploits1References1
Veracode
Veracode
added 2022/02/14 11:17 a.m.30 views

Insecure Cryptography

github.com/aws/aws-sdk-go is vulnerable to insecure cryptography. The vulnerability exists due to broken encryption algorithm which allows an attacker with write access to change AES-GCM to AES-CTR...

2.5CVSS3.6AI score0.00231EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder