Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31736

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

6CVSS5.9AI score0.00264EPSS
Exploits0References2
Anthropic
Anthropic
added 2026/03/29 8:42 p.m.19 views

ANT-2026-SB4PHA43 · wolfSSL · Cryptographic Nonce Reuse

crypto-failure high CVE-2026-5446 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-SB4PHA43: ARIA-GCM Nonce Reuse in TLS 1.2 Record...

7.1CVSS5.8AI score0.00264EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.199 views

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

9.8CVSS6.3AI score0.47621EPSS
Exploits7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15007

Malware in sbrugna...

5.9CVSS5.7AI score0.03183EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-1398

Malware in sbrugna...

5.9CVSS5.7AI score0.03099EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.9 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.3CVSS5.6AI score0.00489EPSS
Exploits0References1
Prion
Prion
added 2024/01/19 10:15 p.m.23 views

Code injection

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5CVSS7.2AI score0.00489EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/07/26 5:15 p.m.2 views

DEBIAN-CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

5.9CVSS6.4AI score0.01503EPSS
Exploits0References1
NVD
NVD
added 2017/02/08 4:59 p.m.23 views

CVE-2017-5933

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in ...

5.9CVSS5.7AI score0.03183EPSS
Exploits0References3
NVD
NVD
added 2017/02/08 4:59 p.m.21 views

CVE-2016-10213

A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270...

5.9CVSS5.8AI score0.02058EPSS
Exploits0References3
NVD
NVD
added 2017/02/08 4:59 p.m.27 views

CVE-2016-10212

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product...

5.9CVSS5.8AI score0.03059EPSS
Exploits0References3
CVE
CVE
added 2017/02/08 4:0 p.m.60 views

CVE-2016-10212

CVE-2016-10212 describes a GCM nonce reuse issue in Radware devices (note: may involve a third-party Cavium product) that allows remote attackers to obtain the authentication key and spoof data via a “forbidden attack.” Root cause: reuse of the initial nonces in GCM. Affected: Radware devices. Ex...

5.9CVSS5.7AI score0.03059EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/02/08 4:0 p.m.51 views

CVE-2016-10213

CVE-2016-10213 affects A10 AX1030 and possibly other devices running software before 2.7.2-P8. The vulnerability arises from random GCM nonce generation, enabling remote attackers to obtain the authentication key and spoof data by reusing a nonce in a session, described as a “forbidden attack” si...

5.9CVSS5.7AI score0.02058EPSS
Exploits0References3Affected Software1
Citrix
Citrix
added 2017/02/06 5:0 a.m.25 views

CVE-2017-5933 - Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation

Description of Problem A flaw in NetScaler ADC and Gateway causes GCM nonces to be randomly generated, making it marginally easier for remote attackers to obtain the GCM authentication key and spoof data within a session. The following vulnerability has been addressed: CVE-2017-5933: Vulnerabilit...

5.9CVSS0.1AI score0.03183EPSS
Exploits0
F5 Networks
F5 Networks
added 2016/06/20 12:0 a.m.44 views

SOL05405841 - GCM nonce vulnerability CVE-2016-0270

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5.9CVSS2.8AI score0.03099EPSS
Exploits0References4
Rows per page
Query Builder