253 matches found
CVE-2026-41565
CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decryptinternal The memory size of tlsctx-rx.iv for AES128-CCM is 12 setting in tlssetswoffload. The return value of cryptoaeadivsize for "ccmaes" is 16. So memcpy require 16 bytes from 12...
Astra Linux - уязвимость в php7.3
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the opensslencrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...
EUVD-2025-209431
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
CVE-2025-40745
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
CVE-2025-40745
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
CVE-2025-40745
Summary: CVE-2025-40745 affects Siemens software including Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation. All versions listed are prior to the specified updates (e.g., Software Center < V3.5.8.2, Simcenter 3D <...
PT-2026-32606
Name of the Vulnerable Software and Affected Versions Siemens Software Center versions prior to V3.5.8.2 Simcenter 3D versions prior to V2506.6000 Simcenter Femap versions prior to V2506.0002 Simcenter STAR-CCM+ versions prior to V2602 Solid Edge SE2025 versions prior to V225.0 Update 13 Solid Ed...
Important: amazon-efs-utils
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
Linux Distros Unpatched Vulnerability : CVE-2026-34876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjace...
SUSE CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
EUVD-2026-18356
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
DEBIAN-CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
UBUNTU-CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
CVE-2026-34876
The CVE-2026-34876 issue affects Mbed TLS 3.x prior to 3.6.6. An out-of-bounds read in mbedtls_ccm_finish() (library/ccm.c) can reveal adjacent CCM context data when the multipart CCM API is invoked with an oversized tag_len. Root cause: missing validation of tag_len against the internal 16-byte ...
Mbed TLS 安全漏洞
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Versions of Mbed TLS prior to 3.6.6 contained security vulnerabilities. These vulnerabilities stemmed from a lack of validation for the taglen parameter in the mbedtlsccmfinish function,...
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...
Important: mount-s3
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1510)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1510 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via...