Lucene search
K

147 matches found

NVD
NVD
added 2026/06/24 12:16 a.m.11 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 12:16 a.m.10 views

CVE-2026-5818

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 11:49 p.m.6 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51609

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description An incorrect check of a function return value within the ActivateFirmwareCmd::activate fw modules allows the bypass of the...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/09 5:5 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:4 p.m.10 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade Microsoft.NetCore.App.Runtime.win-a...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:4 p.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade Microsoft.NetCore.App.Runtime.win-x...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:4 p.m.10 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade Microsoft.NetCore.App.Runtime.win-x...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:4 p.m.8 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:4 p.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.8 views

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1802)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1802 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

7.5CVSS6.1AI score0.0243EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/18 7:10 p.m.11 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.10 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1627)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1627 advisory. Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an...

7.5CVSS6.5AI score0.02279EPSS
Exploits0References10
Snyk
Snyk
added 2026/03/11 9:11 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

8.7CVSS5.8AI score0.02818EPSS
Exploits0References2
Rows per page
Query Builder