CVE-2026-6330

CVE-2026-6330 : In ML-KEM targeting ARM64 NEON, the ciphertext comparison only checks half of the input. This breaks the Fujisaki-Okamoto transform’s implicit rejection, weakening IND-CCA2 security on that path. The constant-time comparison thus ignores part of the re-encrypted ciphertext, allowi...

CVE-2026-6330 ML-KEM ARM64 NEON ciphertext comparison only compares half of the input

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

Covert Channel

Overview Affected versions of this package are vulnerable to Covert Channel information exposure from CMSdecrypt and PKCS7decrypt. An attacker who can supply CMS or S/MIME messages and observe the application's error code and/or decryption output can use the victim's process as an adaptive chosen...

The Jasmin Compiler Preserves Cryptographic Security

Jasmin is a programming and verification framework for developing efficient, formally verified, cryptographic implementations. A main component of the framework is the Jasmin compiler, which empowers programmers to write efficient implementations of state-of-the-art cryptographic primitives,...

EUVD-2005-0367

Malware in sbrugna...

EUVD-2011-1110

Malware in sbrugna...

EUVD-2019-16152

Malware in sbrugna...

EUVD-2012-0907

Malware in sbrugna...

EUVD-2013-4434

Malware in sbrugna...

EUVD-2022-26190

Malicious code in bioql PyPI...

Erlang/OTP (Erlang OTP) Adaptive Chosen Ciphertext Vulnerability (GHSA-mhm2-354q-3277) - Windows

Erlang/OTP Erlang OTP is prone to an adaptive chosen ciphertext vulnerability in the ssl component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Erlang/OTP (Erlang OTP) Adaptive Chosen Ciphertext Vulnerability (GHSA-mhm2-354q-3277) - Linux

Erlang/OTP Erlang OTP is prone to an adaptive chosen ciphertext vulnerability in the ssl component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Linux Distros Unpatched Vulnerability : CVE-2018-12404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chose...

AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. Details This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...

GHSA-R38M-44FW-H886 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. Details This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...

RHEL 7 : erlang (RHSA-2018:0242)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0242 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

GHSA-Q3JM-V27Q-JFWW titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack

titon/framework package which is now abandoned and no longer maintained is vulnerable to remote code execution via Chosen-Ciphertext Attack...

titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack

titon/framework package which is now abandoned and no longer maintained is vulnerable to remote code execution via Chosen-Ciphertext Attack...

PT-2024-40419 · Unknown · Titan Framework

Name of the Vulnerable Software and Affected Versions: titon/framework package affected versions not specified Description: The issue allows for remote code execution via a Chosen-Ciphertext Attack. Recommendations: At the moment, there is no information about a newer version that contains a fix...