25564 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decryptcek function. An attacker can cause excessive CPU resource consumption by supplying a crafted JSON Web Encryption JWE token with an unbounded p2c parameter value, leadi...
joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)
Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...
GHSA-W5R5-M38G-F9F9 joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)
Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...
CVE-2026-0995
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...
CVE-2026-0995
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...
CVE-2026-0995
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...
CVE-2026-0995
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...
CVE-2026-0995
Technical details about CVE-2026-0995 are not publicly available in the provided connected documents. The descriptions consistently mention Arm C1-Pro TLBI+DSB memory-access completion issue, but no specifics on affected versions, exploits, or fixes.
udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...
PT-2026-22600
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, which stem from improper configuration. These vulnerabilities may lead to encryption issues when initiating VoWiFi calls from the UE device...
PT-2026-22703
Name of the Vulnerable Software and Affected Versions AWS-LC versions prior to 1.69.0 Description An observable timing discrepancy in AES-CCM decryption within AWS-LC could allow an unauthenticated user to potentially determine authentication tag validity through timing analysis. The impacted...
Tinc Virtual Private Network Daemon 1.0.37
tinc is a Virtual Private Network VPN daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information...
PT-2026-22699
Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.2 and earlier Description joserfc is a Python library implementing JSON Object Signing and Encryption JOSE standards. A resource exhaustion issue in joserfc can lead to a Denial of Service DoS through CPU exhaustion. When...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets. These vulnerabilities stem from shared VM references that allow HLOS access to bootloaders and certificate chains, potentially leading to...
CVE-2026-1442
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
Security Is Not Enough: Privacy in Encryption Regulation and Lawful-Surveillance Protocols
This article argues that security is not enough to fully capture what is at stake in government exceptional access to encrypted data. A conception of privacy as security has little to say about "lawful-surveillance protocols'' -- an active research agenda in cryptography that aims to enable...
IBM WebSphere Application Server 8.5.5.3 < 8.5.5.30 / 9.x < 9.0.5.27 / Liberty 21.0.0.3 < 26.0.0.3 DoS (7261794)
The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7261794 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an...
EUVD-2026-8994
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
CVE-2026-1442
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...