Lucene search
K

119 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split the tx timer into transmission and timeout. The timer for the transmission of isotp PDUs previously had two functions: 1. sending two consecutive frames with a given time gap. 2. monitoring the timeouts for flow...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.9 views

SUSE CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

6.5CVSS5.7AI score0.0032EPSS
Exploits0References12
OSV
OSV
added 2026/06/12 12:26 p.m.11 views

OESA-2026-2651 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied...

7.5CVSS5.7AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 3:14 a.m.26 views

MAL-2026-5549 Malicious code in @403name/fsevent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f86ca4502cc824c3684e8f1e08b088b974b4339829461b50d45e3fbc6f808eb On require, index.js runs an IIFE that gates to macOS, skips when CI or GITHUBACTIONS is set, waits 30-90 seconds, and writes a one-shot marker at...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 3:14 a.m.9 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

6.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 10:13 p.m.13 views

nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

5.5AI score0.00012EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/10 10:13 p.m.6 views

GHSA-9PG3-25FQ-P6CC nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

5.5CVSS5.5AI score0.00012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 1:22 p.m.13 views

CVE-2026-45445

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

9.1CVSS5.1AI score0.0032EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 12:16 a.m.14 views

CVE-2026-44505

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...

5.3CVSS0.00297EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48602

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description After the handleOperatorCreateAPIKey function in internal/web/operators.go:251 generates a 32-byte bearer token, the application redirects the browser to the endpoint /ui/operators/?new key=&key...

5.5CVSS5.9AI score0.00012EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV ...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35489

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS0.0032EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 5:17 p.m.10 views

ALPINE-CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.40 views

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

0.0032EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.254 views

CVE-2026-45445

CVE-2026-45445 describes a vulnerability in AES-OCB when using OpenSSL EVP_Cipher() in one-shot mode: the application-supplied IV is ignored, causing every encrypted message under the same key to use the same effective nonce. This leads to key/nonce reuse and potential confidentiality loss, and, ...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.10 views

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

5.8AI score0.0032EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.46 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS5.8AI score0.0032EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47842

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description When using the AES-OCB cipher with the one-shot EVP Cipher interface, the application-supplied initialisation vector IV is silently discarded. This causes every message encrypted with the sam...

7.5CVSS5.6AI score0.00513EPSS
Exploits0References120
RedHat Linux
RedHat Linux
added 2026/05/20 11:27 a.m.9 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
Rows per page
Query Builder