CVE-2026-5500

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

SUSE SLES15 Security Update : kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:0168-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0168-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.164 fixes various security issues The following security issues were fixed: ...

SUSE-SU-2026:0186-1 Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50409: net: If sock is dead don't access sock's skwq i...

EUVD-2013-1653

Malware in sbrugna...

EUVD-2013-1655

Malware in sbrugna...

EUVD-2013-0208

Malware in sbrugna...

EUVD-2023-0309

Malicious code in bioql PyPI...

EUVD-2022-3089

Malicious code in bioql PyPI...

RHEL 6 : openssl098e (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: double-free in policy checks CVE-2011-4109 - The DTLS implementation in OpenSSL before 0.9.8s an...

SUSE CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

GHSA-2PJ2-GCHF-WMW7 Zip4j Origin Validation Error

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3...

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

PT-2023-18762 · Zip4J +2 · Zip4J +2

Name of the Vulnerable Software and Affected Versions: Zip4j versions prior to 2.11.3 Description: The issue is related to the decryption of ZIP archives, where the MAC is not always checked. This affects products that use Zip4j, including Threema. Recommendations: For versions prior to 2.11.3,...

Information Disclosure

python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalizewithtag API allows an attacker to forge a GCM tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage...

Updated python-cryptography packages fix security vulnerability

The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker...

Security update for python-cryptography (moderate)

This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1...

GHSA-FCF9-3QW3-GXMJ PyCA Cryptography vulnerable to GCM tag forgery

A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...

PYSEC-2018-52

A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...

CVE-2018-10903

A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...