Lucene search
+L

21 matches found

CVE
CVE
added yesterday22 views

CVE-2026-50185

CVE-2026-50185 affects RustCrypto CMOV (cmov crate) aarch64 backends where Cmov and CmovEq incorrectly assume high bits are zero-extended when loading small values, causing left.cmovz and cmoveq operations to produce incorrect results under certain casts or inline-asm paths. Affected range is 0.1...

2CVSS5.4AI score
Exploits0References3
Cvelist
Cvelist
added yesterday25 views

CVE-2026-50185 RustCrypto Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits ar...

2CVSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/02 5:18 p.m.12 views

Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...

2CVSS5.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/02 5:18 p.m.6 views

GHSA-3RJW-M598-PQ24 Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...

6.9CVSS5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55463

Name of the Vulnerable Software and Affected Versions RustCrypto CMOV versions 0.1.1 through 0.5.3 Description On aarch64 platforms, the implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs incorrectly assume that high bits are zero-extended when loading values smaller than a...

6.9CVSS5.3AI score
Exploits0References5
NVD
NVD
added 2026/06/19 2:16 p.m.16 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:48 p.m.9 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50902

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An incorrect conversion between numeric types occurs in NI grpc-device due to missing range checks in CodeGen. This issue may result in the silent discarding of high bits if a size value...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References6
OSV
OSV
added 2026/05/28 10:16 a.m.19 views

UBUNTU-CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 9:36 a.m.15 views

EUVD-2026-32820

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.8AI score0.00128EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.17 views

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
CVE
CVE
added 2026/05/28 9:36 a.m.37 views

CVE-2026-46193

CVE-2026-46193 concerns a Linux kernel xfrm AH (AH) implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/28 9:36 a.m.2 views

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

When parsing internationalized domain names, the high bits of the characters in the URLs were sometimes removed, resulting in inconsistencies that could cause confusion for users or lead to attacks like phishing. This vulnerability affects Firefox versions earlier than 94...

4.3CVSS4.9AI score0.00544EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/18 3:18 p.m.6 views

CVE-2026-23215

In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 PF: supervisor write access in kernel mode PF: errorcode0x0002 - not-present page Hardware...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References14
OSV
OSV
added 2026/02/18 3:18 p.m.6 views

UBUNTU-CVE-2026-23215

In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 PF: supervisor write access in kernel mode PF: errorcode0x0002 - not-present page Hardware...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: synclinked regs must preserve subregdef Range propagation must not affect subregdef marks. Otherwise, the following example is rewritten incorrectly by the verifier when the BPFFTESTRNDHI32 flag is set: 0: call bpfktimegetns...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.5 views

SUSE CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox 94...

4.3CVSS8.3AI score0.00544EPSS
Exploits0References3
OSV
OSV
added 2021/12/08 10:15 p.m.3 views

CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox 94...

4.3CVSS6.7AI score0.00544EPSS
Exploits0References2
OSV
OSV
added 2021/12/08 10:15 p.m.7 views

UBUNTU-CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox 94...

4.3CVSS5.8AI score0.00544EPSS
Exploits0References5
Rows per page
Query Builder