22 matches found
JLSEC-2026-262 Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware...
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
SUSE CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the AES-CFB-128 process on x86-64 systems with AVX-512 and VAES support when processing partial cipher blocks. An attacker can cause a crash and application termination by providing input buffers that end at a memo...
DEBIAN-CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
CVE-2026-28386
The CVE CVE-2026-28386 affects OpenSSL’s FIPS module (version 3.6) on x86-64 systems with AVX-512 and VAES. A partial-block processing path in AES-CFB-128 can trigger an out-of-bounds read of up to 15 bytes when the input buffer sits at a page boundary and the next page is unmapped, potentially c...
CVE-2026-28386 Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
PT-2026-31035
Name of the Vulnerable Software and Affected Versions OpenSSL FIPS Module version 3.6 Description Applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES support may experience an out-of-bounds read of up to 15 bytes when handling partial cipher blocks...
Amazon Linux 2 : edk2, --advisory ALAS2-2026-3150 (ALAS-2026-3150)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3150 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 When using...
EUVD-2023-40618
Malicious code in bioql PyPI...
BIT-MEDIAWIKI-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
Fedora 39 : mediawiki (2023-7e9d6015f6)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7e9d6015f6 advisory. https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/ Tenable has extracted t...
FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
DEBIAN-CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
UBUNTU-CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
Design/Logic Flaw
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...