Lucene search
K

44 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in OpenSSL

AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...

5.3CVSS6.6AI score0.02024EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:2 a.m.8 views

AES-OCB IV Ignored on EVP_Cipher() Path

...

7.5CVSS5.8AI score0.0032EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.8 views

SUSE CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

6.5CVSS5.7AI score0.0032EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/09 6:33 p.m.6 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVPCipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

9.1CVSS5.3AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS0.0032EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS5.5AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.15 views

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-230 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.5AI score0.02024EPSS
Exploits0References27
Vulnrichment
Vulnrichment
added 2026/04/07 6:22 p.m.3 views

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

OrangeHRM 加密问题漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained a security...

2.7CVSS5.8AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 2:24 p.m.6 views

OESA-2026-1663 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: When using the low-level OCB API directly with AES-NI orbrother hardware-accelerated code paths, inputs whose length is not a multiplebrof 16 bytes...

4CVSS5.8AI score0.00115EPSS
Exploits1References2
OSV
OSV
added 2026/02/09 8:15 p.m.5 views

CLSA-2026-1770668132 openssl: Fix of 2 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes...

7.5CVSS7.2AI score0.00768EPSS
Exploits1References1
OSV
OSV
added 2026/02/09 8:2 p.m.7 views

CLSA-2026-1770667352 openssl: Fix of 3 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes - CVE-2025-15468: add a NULL guard before...

7.5CVSS5.8AI score0.00768EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/01/28 10:8 a.m.5 views

openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

A flaw was found in OpenSSL. When applications directly call the low-level CRYPTOocb128encrypt or CRYPTOocb128decrypt functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are...

4CVSS5.7AI score0.00115EPSS
Exploits1References4
OSV
OSV
added 2026/01/27 4:16 p.m.7 views

AZL-75899 CVE-2025-69418 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS7AI score0.00115EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.5 views

ALPINE-CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.7AI score0.00115EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.8 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.7AI score
Exploits0References6
CVE
CVE
added 2026/01/27 4:1 p.m.47 views

CVE-2025-69418

CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...

4CVSS5.7AI score0.00115EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder