Lucene search
K

109 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in OpenSSL

AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...

5.3CVSS6.6AI score0.02024EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:2 a.m.8 views

AES-OCB IV Ignored on EVP_Cipher() Path

...

7.5CVSS5.8AI score0.0032EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.9 views

SUSE CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

6.5CVSS5.7AI score0.0032EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/09 6:33 p.m.6 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVPCipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

9.1CVSS5.3AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS0.0032EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.5AI score0.00104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS5.5AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.13 views

EUVD-2026-34145

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.15 views

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.6 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

5.9CVSS5.8AI score0.00389EPSS
Exploits0
CVE
CVE
added 2026/05/21 7:34 a.m.19 views

CVE-2026-44061

CVE-2026-44061 affects Netatalk 1.5.0 through 4.4.2, where DES-ECB authentication exposes a timing side channel. Root cause is the use of DES-ECB for authentication, enabling a remote attacker to glean credentials via timing analysis; the issue is mitigated by upgrading to Netatalk 4.5.0 or later...

5.9CVSS5.8AI score0.00389EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

5.9CVSS5.8AI score0.00389EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-230 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.5AI score0.02024EPSS
Exploits0References27
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.12 views

Text Steganography with Dynamic Codebook and Multimodal Large Language Model

With the popularity of the large language models LLMs, text steganography has achieved remarkable performance. However, existing methods still have some issues: 1 For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/07 7:16 p.m.3 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 6:22 p.m.10 views

CVE-2026-39349

CVE-2026-39349 affects OrangeHRM Open Source versions 5.0 through 5.8, where certain sensitive fields were encrypted with AES in ECB mode, preserving block patterns and enabling potential pattern disclosure in stored data. The issue is fixed in 5.8.1. Details confirmed by the provided description...

2.7CVSS5.9AI score0.00112EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 6:22 p.m.3 views

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References1
Rows per page
Query Builder