Lucene search
K

6 matches found

NVD
NVD
added 2026/06/24 12:16 a.m.11 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 11:49 p.m.6 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 11:49 p.m.36 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51610

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...

5.1CVSS5.7AI score0.00128EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.25 views

SUSE SLED15: kernel-firmware / kernel-firmware-all / kernel-firmware-amdgpu / etc (SUSE-SU-2024:2575-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2575-1 advisory. - CVE-2023-38417: Fixed improper input validation for some IntelR PROSet/Wireless WiFi software...

4.7CVSS5.8AI score0.00428EPSS
Exploits0References9
OSV
OSV
added 2020/10/05 2:15 p.m.8 views

CVE-2019-14558

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation IntelR CoreTM, IntelR CeleronR Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access...

5.7CVSS7.8AI score
Exploits0References2
Rows per page
Query Builder