Lucene search
+L

508 matches found

NVD
NVD
added 2026/06/12 4:16 p.m.19 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS0.00226EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/12 2:57 p.m.12 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS
Exploits0
CVE
CVE
added 2026/06/12 2:57 p.m.27 views

CVE-2026-9641

CVE-2026-9641 affects Crypt::PBKDF2 for Perl prior to 0.261630. The vulnerability stems from a weak default configuration: using HMAC-SHA1 as the default algorithm and a default 1000 iterations, which is insufficient for modern password hashing. The impact, per sources, could involve reduced resi...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 2:57 p.m.2 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References11
OSV
OSV
added 2026/06/12 2:16 p.m.2 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/12 2:16 p.m.9 views

UBUNTU-CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/12 1:19 p.m.10 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.2AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48872

VeraCrypt 1.26.29 is now available!🎉 - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes 🔗More details at https://t.co/xdLi5dqTrX...

5.3AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.10 views

openssl: Possible NULL Dereference in Password-Based CMS Decryption

A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax CMS decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional...

5.9CVSS5.5AI score0.00595EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.11 views

openssl: Possible NULL Dereference in Password-Based CMS Decryption

A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax CMS decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional...

5.9CVSS5.5AI score0.00595EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/09 6:33 p.m.10 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the osslcmsRecipientInfopwricrypt function. An attacker who supplies a malicious password-encrypted CMS message can crash an application, because the PasswordRecipientInfo.keyDerivationAlgorithm field is...

8.7CVSS6.5AI score0.00595EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:3 p.m.61 views

CVE-2026-42766

The CVE-2026-42766 entry documents a NULL pointer dereference in OpenSSL’s CMS decryption for password-based CMS messages. Specifically, PasswordRecipientInfo.keyDerivationAlgorithm is OPTIONAL and may be absent; OpenSSL’s CMS decryption dereferences this field without checking, triggering an app...

5.9CVSS5.5AI score0.00595EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 4:3 p.m.1 views

CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

5.9CVSS7AI score0.00595EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

openssl 异常处理不当漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

5.9CVSS5.8AI score0.00595EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/08 3:14 a.m.11 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.4AI score0.0077EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/08 2:12 a.m.13 views

libssh: Incorrect Return Code Handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8CVSS6.6AI score0.00407EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/05 4:26 a.m.22 views

[SECURITY] Fedora 44 Update: perl-Crypt-Argon2-0.031-1.fc44

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:9 a.m.15 views

[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.12 views

Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path

Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...

5.4AI score
Exploits0
Rows per page
Query Builder