Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-46597)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-46597 advisory. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM pack...

Security Bulletin: TDI is vulnerable to do not reject out of range writes due to uuid-11.1.0 - CVE-2026-41907

Summary portal-tdi, portal-tdl and portal gcm uses carbon data table and this library requires uuid 11.1.0 the same library have this CVE-2026-41907 Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6...

Linux Distros Unpatched Vulnerability : CVE-2026-46597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. CVE-2026-46597 Note that Nessu...

CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

MAL-2026-4576 Malicious code in hardhat-gas-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71b0b8dd866d9c1f4516f4e537a2d61ea3cbe87f06b0195a24c0dea76fef44c0 This package typosquats the widely-used hardhat-gas-reporter Hardhat plugin matching its cache filename .hardhatgasreporteroutput.json and replicatin...

SUSE CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

Incorrect Type Conversion or Cast

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

EUVD-2026-31388

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597

CVE-2026-46597 describes an incorrectly placed cast from bytes to int that can cause a server-side panic in the AES-GCM packet decoder when processing crafted inputs. The entry lists high availability impact with network-based exploitability and no privileges required, but the provided documents ...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

GO-2026-5013 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

PT-2026-42717

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side pani...

OrchidMantis

Orchid Mantis A Framework for ZKPoX — Zero-Knowledge Proof...

Linux Distros Unpatched Vulnerability : CVE-2026-6986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the...

EUVD-2026-28534

A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2...

CVE-2026-8149

CVE-2026-8149 affects Legion of the Bouncy Castle BC-FJA/BC-FIPS on Linux x86_64 with AVX/AVX-512f. Vulnerable components: gcm128w and gcm512w ; affected versions: 2.1.0–2.1.2 . Root cause details and specific fixes are not provided in the documents. No exploitation details are included. No remed...

CVE-2026-8149 GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

CVE-2026-8149 GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...