Lucene search
K

454 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43604

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS6.1AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS0.00198EPSS
Exploits0References2
CVE
CVE
added 2 days ago17 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57019 Junos OS: MX Series: Specific traffic causes an FPC to reset

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 10:17 p.m.8 views

CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

6.5CVSS0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:17 p.m.3 views

DEBIAN-CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:17 p.m.6 views

UBUNTU-CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 9:1 p.m.5 views

CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

6.5CVSS5.8AI score0.0013EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/25 9:1 p.m.9 views

CVE-2026-6330

The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

UBUNTU-CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/25 7:59 p.m.9 views

CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 11:52 a.m.3 views

SUSE-SU-2026:22365-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52603

Name of the Vulnerable Software and Affected Versions ML-KEM affected versions not specified Description An issue exists in the ARM64 NEON ciphertext comparison where only half of the input is compared. This failure breaks the implicit rejection of the Fujisaki-Okamoto transform—a method used to...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 4:30 p.m.5 views

EUVD-2026-38979

In the Linux kernel, the following vulnerability has been resolved: bpf: testrun: Fix the null pointer dereference issue in bpflwtxmitpushencap The bpflwtxmitpushencap helper needs to access skbdstskb-dev to calculate the needed headroom: err = skbcowheadskb, len + LLRESERVEDSPACEskbdstskb-dev; B...

5.7AI score0.00176EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tpudpencaprecv. syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. 0 The cited commit moved down the validation of the protocol version in l2tpudpencaprecv. The new place requires an extr...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.16 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udpgrocomplete function assumes that all packets inserted into the receive queue have the encapsulation flag set to zero. However, this assumption is not true. Some hardware network cards ca...

5.5CVSS5.6AI score0.00114EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ip6tunnel: Use skbvlaninetprepare in ip6tnlrcv. The responsible commit did not handle VLAN encapsulation as detected by syzbot 1. Use skbvlaninetprepare instead of pskbinetmaypull. 1 BUG: KMSAN: uninit-value in...

7.5CVSS6.4AI score0.00468EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: gue: Fixed a skb memory leak associated with the inner IP protocol 0. The syzbot reported a skb memory leak below. 0 The repro process generated a GUE packet with its inner protocol set to 0. The function gueudprecv returns...

7.5CVSS5.7AI score0.00239EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 7:54 a.m.4 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References5
Rows per page
Query Builder