CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 4 days ago•8 views

EUVD-2026-38103

6.1AI score0.00354EPSS

Cvelist•added 4 days ago•25 views

CVE-2026-9265 Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path

0.00354EPSS

CVE•added 4 days ago•17 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 for Perl prior to 1.96 is affected by a heap OOB read in print_attribute: the function copies a UTF8STRING ASN.1 attribute value into a heap buffer sized to the declared length using strncpy, but does not append a NUL terminator. Downstream, strlen() is used and the inflate...

9.1CVSS6.1AI score0.00354EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: octeontx2 – remove the CONFIGDMCRYPT check No issues were found when using the driver with dm-crypt enabled. Therefore, the CONFIGDMCRYPT check in the driver can be removed. This also fixes the NULL pointer dereference...

5.5CVSS6.1AI score0.0024EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: Do not modify the data when using authenticated encryption. It was stated that authenticated encryption could produce invalid tags when the data being encrypted was modified 1. Therefore, this issue can be addressed by...

7.1CVSS5.5AI score0.00282EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...

5.5CVSS5.6AI score0.00121EPSS

Exploits0References1

SUSE CVE•added 2026/06/16 2:23 a.m.•12 views

SUSE CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00305EPSS

Tenable Nessus•added 2026/06/16 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS5.9AI score0.00321EPSS

NVD•added 2026/06/15 11:16 p.m.•9 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS0.00289EPSS

RedhatCVE•added 2026/06/15 2:36 p.m.•5 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS

RedhatCVE•added 2026/06/15 2:36 p.m.•6 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS

Tenable Nessus•added 2026/06/15 12:0 a.m.•8 views

Fedora 45 : perl-Crypt-DSA (2026-cf622b92d7)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cf622b92d7 advisory. Automatic update for perl-Crypt-DSA-1.21-1.fc45. Changelog Mon Jun 15 2026 Paul Howarth - 1.21-1 - Update to 1.21 - Fixed key material reuse for multiple...

9.1CVSS5.5AI score0.00289EPSS

OSV•added 2026/06/14 6:17 p.m.•3 views

DEBIAN-CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS

Exploits0References1

CVE•added 2026/06/14 5:21 p.m.•26 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS

Cvelist•added 2026/06/14 5:21 p.m.•24 views

CVE-2026-54411

8.2CVSS0.00321EPSS

EUVD•added 2026/06/14 5:21 p.m.•10 views

EUVD-2026-36662

8.2CVSS5.4AI score0.00321EPSS

Vulnrichment•added 2026/06/14 5:21 p.m.•8 views

CVE-2026-54411

8.2CVSS5.3AI score0.00321EPSS