Lucene search
K

265 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When...

7.5CVSS6AI score0.00111EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39571

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6CVSS5.9AI score0.0016EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 8:56 p.m.6 views

CVE-2026-6331

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

7.5CVSS5.8AI score0.00147EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52604

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the EVP DigestVerifyFinal function where a zero-length tag could be accepted as valid during HMAC Hash-based Message Authentication Code...

7.5CVSS5.7AI score0.00147EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52605

Name of the Vulnerable Software and Affected Versions wolfSSL version 5.9.0 Description The functions wc Blake2bHmacFinal and wc Blake2sHmacFinal discard the message when the key length exceeds the block size. This occurs because the key-hashing branch reinitializes the running hash state, which...

7.5CVSS5.9AI score0.00111EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52602

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description PKCS12 MAC verification uses a comparison length controlled by an attacker, which weakens the integrity check on the Message Authentication Code MAC and allows a...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

Oracle Linux 9 : dovecot (ELSA-2026-19364)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19364 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161640 - fix CVE-2025-59032: ManageSieve: Denial of Service via...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/06/10 1:26 p.m.12 views

CVE-2026-34181

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...

7.4CVSS7.2AI score0.00196EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.12 views

SUSE CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.5CVSS5.4AI score0.00123EPSS
Exploits0References9
CVE
CVE
added 2026/06/08 3:46 p.m.60 views

CVE-2026-46291

CVE-2026-46291 affects the Linux kernel crypto caam path, specifically hash_digest_key, where HMAC key bytes could be exposed via hex dumps when dynamic debugging is enabled. The reported fix changes the dumping approach to use print_hex_dump_devel() to avoid leaking sensitive HMAC key material a...

5.5CVSS5.4AI score0.00123EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5477

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if cmac-totalSz != 0 to skip XOR-chaining on the first block where digest is all-zeros and the XOR is a no-op. However, totalSz is word32 and wrap...

8.2CVSS5.5AI score0.0042EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:33 p.m.13 views

OESA-2026-2480 lwip security update

lwip is a small independent implementation of the TCP/IP protocol suite. Security Fixes: A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument...

10CVSS7.6AI score0.01016EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 5:17 p.m.34 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS0.00105EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.15 views

aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler

Vulnerability Description In aiosend/webhook/base.py, the WebhookHandler.feedupdate method performs full deserialization of the incoming JSON via Pydantic before verifying the HMAC signature. Anyone can send a request with an arbitrary body — the server will parse it, spend CPU and memory, and on...

6AI score
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: The comparison of MACs has been fixed to be at constant time. To prevent timing attacks, MACs need to be compared at constant time. Use the appropriate helper functions for this purpose...

9.8CVSS5.6AI score0.00457EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be performed in constant time. Replace the memcmp function with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:45 p.m.10 views

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...

10CVSS7.7AI score0.01016EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/05/14 8:30 p.m.13 views

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder