84 matches found
CVE-2026-32313
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...
CVE-2026-32600
A flaw was found in xml-security, a library for XML signatures and encryption. This vulnerability arises from a lack of validation for the authentication tag length in XML nodes encrypted with AES-GCM Advanced Encryption Standard Galois/Counter Mode. A remote attacker can exploit this by...
EUVD-2026-12099
simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption...
CVE-2026-32313 xmlseclibs is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...
PT-2026-25372
Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...
PT-2026-25375
Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...
SUSE SLES12 Security Update : mozilla-nss (SUSE-SU-2026:0814-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0814-1 advisory. Update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568 Tenable has extracted the preceding description...
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:0814-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568...
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:0813-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568...
USN-8071-2 nss vulnerability
USN-8071-1 fixed a vulnerability in nss. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote...
USN-8071-2: NSS vulnerability
USN-8071-1 fixed a vulnerability in nss. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote...
USN-8071-1 nss vulnerability
It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:0740-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: update to NSS 3.112.3: CVE-2026-2781: Avoid integer overflow in platform-independent ghash bsc1258568...
EUVD-2011-4032
Malware in sbrugna...
ROS-20250911-10
A vulnerability in the lib/utils/ghash/ghash.cpp component of the Botan cryptographic library is related to the disclosure of information through an inconsistency. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...
SUSE CVE-2025-54887
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...
CVE-2025-54887 jwe: Missing AES-GCM authentication tag validation in encrypted JWEs
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...