
60 matches found

Vulnrichment
added 2026/05/22 2:31 a.m., 7 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

5.8 AI score, 0.00359 EPSS
Exploits 0, References 4

EUVD
added 2026/05/08 9:31 a.m., 11 views

EUVD-2026-28534

A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2...

5.1 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/03/26 3:2 p.m., 4 views

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

8.2 CVSS, 5.9 AI score, 0.00152 EPSS
Exploits 1, References 1

Positive Technologies
added 2026/03/13 12:0 a.m., 4 views

PT-2026-25372

Summary: XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

8.2 CVSS, 5.8 AI score, 0.00152 EPSS
Exploits 1, References 9

OSV
added 2025/10/15 9:30 a.m., 3 views

GHSA-6P6V-M64V-JX8Q Apache Spark has Inadequate Encryption Strength

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

6.3 CVSS, 5.9 AI score, 0.00225 EPSS
Exploits 0, References 9

NVD
added 2025/10/15 8:15 a.m., 6 views

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

6.5 CVSS, 0.00225 EPSS
Exploits 0, References 2

Snyk
added 2025/10/15 7:46 a.m., 3 views

Improper Verification of Cryptographic Signature

Overview: org.apache.spark:spark-network-common_2.12 is an open-source distributed general-purpose cluster-computing framework. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not...

9 CVSS, 6.9 AI score, 0.00225 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-0176

Malware in sbrugna...

7.5 CVSS, 6.9 AI score, 0.03167 EPSS
Exploits 1, References 18

Tenable Nessus
added 2025/10/07 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986865)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986865 advisory. In the Linux kernel, the following vulnerability has been resolved: mac80211: fix use-after-free in CCMP/GCMP RX When PN checking is done in mac80211, for...

7.8 CVSS, 6.1 AI score, 0.00242 EPSS
Exploits 0, References 4

OSV
added 2025/10/04 4:15 p.m., 3 views

UBUNTU-CVE-2023-53599

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390. Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl. Without this, the gcm-aes-s390 driver will...

5.5 CVSS, 5.7 AI score, 0.00117 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/10/04 12:0 a.m., 8 views

PT-2025-40762

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the crypto/af_alg subsystem, specifically impacting the gcm-aes-s390 driver. A missing initialization in af_alg_alloc_areq can lead to an issue...

7.8 CVSS, 6.2 AI score, 0.09072 EPSS
Exploits 4, References 986

OSV
added 2024/10/23 5:15 p.m., 5 views

AZL-51707 CVE-2024-50382 affecting package botan2 2.14.0-2

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

5.9 CVSS, 5.8 AI score, 0.00546 EPSS
Exploits 1, References 1

OSV
added 2024/07/04 10:10 p.m., 16 views

CGA-GCMH-R6HP-JPVQ

Bulletin has no description...

6.8 CVSS, 6.6 AI score, 0.02381 EPSS
Exploits 0

Schneier on Security
added 2024/06/14 11:5 a.m., 15 views

Demo of AES GCM Misuse Problems

This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode...

7.4 AI score
Exploits 0

OSV
added 2023/10/25 6:17 p.m., 2 views

AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5 CVSS, 6.5 AI score, 0.03332 EPSS
Exploits 0, References 1

CVE
added 2023/10/24 3:31 p.m., 594 views

CVE-2023-5363

CVE-2023-5363: OpenSSL 3.0 and 3.1 are affected by a bug in key/IV length processing during EVP_Init_ex2/2 and EVP_CipherInit_ex2, where alterations to keylen/ivlen via OSSL_PARAM may not apply, causing truncation or overruns. This can yield non-unique IVs and, in CCM/GCM/OCB modes, potential lo...

7.5 CVSS, 7.5 AI score, 0.03332 EPSS
Exploits 0, References 14, Affected Software 1

GitLab Advisory Database
added 2023/09/22 12:0 a.m., 8 views

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

In the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails...

5.5 CVSS, 6.1 AI score, 0.00262 EPSS
Exploits 1, References 9, Affected Software 1

F5 Networks
added 2023/02/21 6:59 p.m., 53 views

K30215094: Ruby vulnerability CVE-2016-7798

Security Advisory Description: The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. CVE-2016-7798. Impact: There is no impact; F5...

7.5 CVSS, 7 AI score, 0.03167 EPSS
Exploits 1

SUSE CVE
added 2023/02/15 4:57 a.m., 3 views

SUSE CVE-2016-7798

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

3.7 CVSS, 8.6 AI score, 0.03167 EPSS
Exploits 1, References 5

RedHat Linux
added 2022/05/10 1:58 p.m., 1 view

kernel: DoS in ccp_run_aes_gcm_cmd() function

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability...

5.5 CVSS, 6.6 AI score, 0.00262 EPSS
Exploits 0, References 5