Lucene search
K

560 matches found

Broadcom
Broadcom
added 2026/07/01 12:0 a.m.18 views

crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

7.8CVSS6.8AI score0.96267EPSS
Exploits230
OSV
OSV
added 2026/06/29 9:16 p.m.6 views

UBUNTU-CVE-2026-13758

CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:16 a.m.3 views

crypto: af_alg - Cap AEAD AD length to 0x80000000

...

7.8CVSS6.1AI score0.0014EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 8:4 p.m.8 views

CVE-2026-52972

A flaw was found in the Linux kernel's afalg cryptography module. This vulnerability involves an arithmetic overflow when processing associated data lengths during the transmit buffer size check. A remote attacker could exploit this flaw by providing a specially crafted associated data length,...

7CVSS6AI score0.0014EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.6 views

SUSE CVE-2026-52972

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

7.8CVSS5.8AI score0.0014EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38840

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

5.7AI score0.0014EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-52972

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

7CVSS0.0014EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.31 views

CVE-2026-52972 crypto: af_alg - Cap AEAD AD length to 0x80000000

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

0.0014EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:28 p.m.2 views

CVE-2026-52972 crypto: af_alg - Cap AEAD AD length to 0x80000000

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

7CVSS5.8AI score0.0014EPSS
Exploits0References14
CVE
CVE
added 2026/06/24 4:28 p.m.22 views

CVE-2026-52972

CVE-2026-52972 affects the Linux kernel crypto/af_alg component, causing an arithmetic overflow when handling associated data lengths during the TX buffer size check. The root cause is the potential overflow if AD length is not capped; the fix caps the AD length to 0x80000000. Multiple OS vendors...

7CVSS5.7AI score0.0014EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/06/23 11:49 p.m.6 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS5.9AI score0.00128EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.12 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead – Reverted to operating out-of-place. This mainly reverts to commit 72548b093ee3, except for the copying of the associated data. There is no benefit in operating in-place in algifaead, as the source and...

7.8CVSS6.6AI score0.96267EPSS
Exploits230References3
RedhatCVE
RedhatCVE
added 2026/06/10 1:26 p.m.13 views

CVE-2026-45446

A flaw was found in OpenSSL. The implementations of AES-SIV Advanced Encryption Standard - SIV and AES-GCM-SIV Advanced Encryption Standard - Galois/Counter Mode - SIV incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages...

4.8CVSS5.4AI score0.0021EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:50 a.m.16 views

Malicious code in mistral-workflows-plugins-webhook (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e87825efe9006ca3d435869b276f0d8526a1255ec71ac6e7aa0ea1bb068b6673 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 2:4 p.m.17 views

kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD

A flaw was found in the Linux kernel's authencesn authenticated encryption with associated data implementation. A remote attacker can exploit this vulnerability by providing a specially crafted Associated Additional Data with a length shorter than the expected minimum. This can lead to a NULL...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 10:22 p.m.6 views

GHSA-H5FH-7HWR-97MW Kimai has an arbitrary file read in its invoice PDF renderer (admin)

Summary Users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...

4.1CVSS5.8AI score0.00278EPSS
Exploits0References4
Rosalinux
Rosalinux
added 2026/05/08 11:1 a.m.10 views

Advisory ROSA-SA-2026-3263

Software: kernel-ml 5.15.180 OS: rosa-server79 unaffected versions = kernel-ml-5.15.180-1.0.1.res7 affected versions kernel-ml-5.15.180-1.0.1.res7 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perfor...

7.8CVSS6AI score0.96267EPSS
Exploits230
OSV
OSV
added 2026/05/03 9:57 a.m.17 views

OESA-2026-2174 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algifaead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of the associated data.\n\nThere is no...

7.8CVSS6AI score0.96267EPSS
Exploits230References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.12 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-016370)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016370 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 exce...

7.8CVSS6AI score0.96267EPSS
Exploits230References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-016371)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016371 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 exce...

7.8CVSS6AI score0.96267EPSS
Exploits230References4
Rows per page
Query Builder