Lucene search
K

298 matches found

RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.9 views

cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces APIs that accept Python buffers, such as Hash.update. A remote attacker could exploit this to cause a buffer overflow, potentially leading t...

9.8CVSS5.6AI score0.00652EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.16 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/09 7:7 a.m.14 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.4AI score0.00349EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.20 views

OpenSSL 缓冲区错误漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

8.1CVSS5.9AI score0.00358EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/07 1:7 a.m.13 views

[SECURITY] Fedora 43 Update: perl-CryptX-0.089-1.fc43

This Perl library provides a cryptography based on LibTomCrypt library...

7.5CVSS5.4AI score0.00469EPSS
Exploits0
Fedora
Fedora
added 2026/06/07 12:57 a.m.13 views

[SECURITY] Fedora 44 Update: perl-CryptX-0.089-1.fc44

This Perl library provides a cryptography based on LibTomCrypt library...

7.5CVSS5.4AI score0.00469EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/04 1:47 a.m.9 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/03 8:19 a.m.22 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
EUVD
EUVD
added 2026/05/27 4:34 p.m.11 views

EUVD-2026-32582

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.8AI score0.00324EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 4:26 p.m.15 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/20 8:32 a.m.14 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2026/05/20 8:1 a.m.9 views

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

...

5.5CVSS5.4AI score0.00149EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in gnupg1

Libgcrypt before version 1.7.8 is vulnerable to a cache-side-channel attack that can lead to a complete failure of the RSA-1024 algorithm. This attack occurs when the left-to-right method is used for computing the sliding-window expansion. It is believed that the same attack also works on the...

6.8CVSS7AI score0.03885EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libcrypto++

In gf2n.cpp within Crypto++ also known as cryptopp, available from version 8.9.0, attackers can cause a denial of service application crash by exploiting DER public-key data for an F2^m curve. This occurs when the degree of each term in the polynomial is not strictly decreasing...

7.5CVSS7.1AI score0.00829EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 4:11 p.m.32 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/18 9:0 a.m.16 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/17 6:51 p.m.53 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

0.00447EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.13 views

PT-2026-41582

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description An out-of-bounds write flaw exists when parsing a PKCS12 file containing an OCTET STRING or BIT STRING attribute on a SAFEBAG of 1 GiB or larger. This issue is triggered via the info or...

9.8CVSS6.2AI score0.00648EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/05/11 10:53 p.m.9 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/11 6:39 p.m.11 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Rows per page
Query Builder