Lucene search
+L

308 matches found

redhat
redhat
added 4 days ago6 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
redhat
redhat
added 4 days ago4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6AI score0.00805EPSS
Exploits0References10
osv
osv
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1811 PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

7.1CVSS6.5AI score0.00618EPSS
Exploits0References8
nvd
nvd
added 2026/07/06 8:16 p.m.10 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

3.3CVSS0.00095EPSS
Exploits0References1
nvd
nvd
added 2026/07/02 10:16 p.m.9 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS0.00352EPSS
Exploits0References4
ibm
ibm
added 2026/07/01 1:52 p.m.3 views

Security Bulletin: Vulnerabilities in kernel library (CVE-2025-68724, CVE-2026-31431) affect Power HMC.

Summary The kernel library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-68724 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in...

7.8CVSS6.8AI score0.96267EPSS
Exploits230Affected Software1
osv
osv
added 2026/06/25 6:43 p.m.14 views

GO-2026-5267 OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types in github.com/openbao/openbao

OpenBao: Transit secrets engine crashes on key creation with derived: true for asymmetric key types in github.com/openbao/openbao...

5.8AI score
Exploits0References4
redhat
redhat
added 2026/06/25 6:37 p.m.8 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52656

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Lemur version 1.9.0 Description The JWT verifier in the lemur/lemur/auth/service.py component trusts the alg header field from unverified tokens and passes it directly into the pyjwt.decode function via the...

4.8CVSS6.1AI score
Exploits0References8
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys – prevented overflow in asymmetrickeygenerateid. Use checkaddoverflow to prevent potential integer overflows when adding the lengths of binary blobs and the size of an asymmetrickeyid structure. Return...

6AI score0.0017EPSS
Exploits0References3
osv
osv
added 2026/06/19 9:42 p.m.10 views

GHSA-8W8F-R2XV-4Q4J OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types

On OpenBao 2.5.4 and 2.5.2and likely earlier versions also, an authenticated caller with write access to transit/keys/ can crash the OpenBao server by issuing a single key-creation request that combines an asymmetric type rsa-, ecdsa-, ed25519 with derived: true. The server returns no HTTP respon...

6.5CVSS6AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51111

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.5.2 through 2.5.4 Description An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...

6.5CVSS5.9AI score
Exploits0References7
redhat
redhat
added 2026/06/17 12:5 p.m.6 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.8AI score0.0017EPSS
Exploits0References5
redhat
redhat
added 2026/06/17 6:53 a.m.6 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.7AI score0.0017EPSS
Exploits0References5
redhat
redhat
added 2026/06/17 1:20 a.m.5 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.7AI score0.0017EPSS
Exploits0References5
redhat
redhat
added 2026/06/16 4:53 p.m.14 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.5AI score0.00727EPSS
Exploits0References5
snyk
snyk
added 2026/06/15 4:34 p.m.8 views

Asymmetric Resource Consumption (Amplification)

Overview org.webjars.npm:ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification when handling a large number of very small fragments and data chunks. An attacker can cause excessive...

8.7CVSS5.9AI score0.00782EPSS
Exploits1References3
snyk
snyk
added 2026/06/15 4:34 p.m.11 views

Asymmetric Resource Consumption (Amplification)

Overview ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification when handling a large number of very small fragments and data chunks. An attacker can cause excessive memory allocatio...

8.7CVSS5.9AI score0.00782EPSS
Exploits1References3
redhat
redhat
added 2026/06/12 7:56 p.m.9 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.6AI score0.0017EPSS
Exploits0References5
nessus
nessus
added 2026/06/12 12:0 a.m.19 views

RHEL 8 : kernel (RHSA-2026:25533)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25533 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free speci...

9.8CVSS5.8AI score0.00563EPSS
Exploits0References35
Rows per page
Query Builder