Lucene search
K

7 matches found

OSV
OSV
added 2026/04/27 6:33 p.m.12 views

JLSEC-2026-243 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV)...

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.6AI score0.03332EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2026/01/12 3:55 a.m.4 views

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS5.8AI score0.0144EPSS
Exploits0References5
OSV
OSV
added 2025/07/07 3:15 p.m.7 views

AZL-64797 CVE-2025-5987 affecting package libssh for versions less than 0.10.6-2

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.4AI score0.0144EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/11/13 12:0 a.m.3 views

Vulnerability of the functions EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() of the OpenSSL cryptographic library, which allows a perpetrator to gain unauthorized access to protected information

The vulnerabilities of the functions EVPEncryptInitex2, EVPDecryptInitex2, and EVPCipherInitex2 in the OpenSSL cryptographic library are related to the absence of necessary encryption steps. Exploiting these vulnerabilities can allow a remote attacker to gain unauthorized access to protected...

7.8CVSS6.7AI score0.03332EPSS
Exploits0References17Affected Software7
OSV
OSV
added 2023/10/25 6:17 p.m.1 views

DEBIAN-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.6AI score0.03332EPSS
Exploits0References1
OSV
OSV
added 2023/10/25 6:17 p.m.3 views

AZL-42751 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.5AI score0.03332EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.4 views

SUSE CVE-2012-4571

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack...

2.1CVSS6.5AI score0.0037EPSS
Exploits0References3
Rows per page
Query Builder