Lucene search
K

115 matches found

OSV
OSV
added 2026/06/29 9:16 p.m.6 views

UBUNTU-CVE-2026-13758

CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 8:42 p.m.15 views

CVE-2026-13758

CVE-2026-13758 affects CryptX for Perl versions before 0.088_001. The vulnerability stems from a non-constant-time comparison of AEAD authentication tags in the streaming decrypt_done path, using memNE (memcmp() != 0). The run time varies with the number of matching leading bytes across all five ...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 5:2 p.m.6 views

CVE-2026-57062

A flaw in GnuPG's gpgsm component improperly handles the Cryptographic Message Syntax CMS format for AES-GCM. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of...

2.9CVSS5.7AI score0.0011EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/30 2:7 a.m.14 views

SUSE CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

7.5CVSS6.1AI score0.00469EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.40 views

CVE-2026-45950 crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if sgcopytobuffer or starfiveaeshwinit fails, which lead to memory leaks...

0.00122EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the starfiveaesaeaddoonereq function failing when sgcopytobuffer or starfiveaeshwinit does not release...

5.8AI score0.00122EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.9 views

CVE-2026-45950

crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq...

5.8AI score0.00122EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-46028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently us...

5.5CVSS6AI score0.00123EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/26 11:8 p.m.20 views

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/26 11:8 p.m.7 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: Do not modify the data when using authenticated encryption. It was stated that authenticated encryption could produce invalid tags when the data being encrypted was modified 1. Therefore, this issue can be addressed by...

7.1CVSS5.5AI score0.00282EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a UAF Use-After-Free issue in decryption with multichannel. After the commits f7025d861694 “smb: client: allocate crypto only for primary server” and b0abcd65ec54 “smb: client: fix UAF in async decryption”,...

7.8CVSS6.5AI score0.00158EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 2:4 p.m.17 views

kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD

A flaw was found in the Linux kernel's authencesn authenticated encryption with associated data implementation. A remote attacker can exploit this vulnerability by providing a specially crafted Associated Additional Data with a length shorter than the expected minimum. This can lead to a NULL...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/05/13 1:36 a.m.7 views

GHSA-XR5H-PHRJ-8VXV Astro: Server island encrypted parameters vulnerable to cross-component replay

Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...

6.3CVSS5.8AI score0.00144EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 8:45 p.m.9 views

SUSE-SU-2026:21526-1 Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...

7.8CVSS7AI score0.96267EPSS
Exploits230References15
RedHat Linux
RedHat Linux
added 2026/05/05 10:20 a.m.15 views

kernel: crypto: algif_aead - Fix minimum RX size check for decryption

A flaw was found in the Linux kernel, specifically within the algifaead module. The vulnerability involves an incorrect check for the minimum receive buffer size during decryption, which did not properly account for the tag size. This could potentially lead to issues with data integrity or...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 7:56 a.m.13 views

bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 5:58 a.m.28 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.9AI score0.96267EPSS
Exploits230References6
AlmaLinux
AlmaLinux
added 2026/05/05 12:0 a.m.36 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend CVE-2025-40252 kernel: crypto: asymmetricke...

9.8CVSS6.1AI score0.96267EPSS
Exploits230References13
GithubExploit
GithubExploit
added 2026/05/04 3:52 p.m.94 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Linux Privileg...

7.8CVSS6AI score0.96267EPSS
Exploits230
Rows per page
Query Builder