Lucene search
K

49 matches found

NVD
NVD
added 5 days ago4 views

CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

0.00166EPSS
Exploits0References3
OSV
OSV
added 5 days ago2 views

UBUNTU-CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.8AI score0.00166EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-39837

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.9AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 5 days ago6 views

CVE-2026-53302

The CVE concerns the Linux kernel’s crypto/eip93 path. Specifically, eip93_hmac_setkey() creates a temporary ahash transform using a driver name (e.g., sha256-eip93) but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since EIP93 hash algorithms are inherently async, the loo...

5.9AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-52941

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the eip93 hmac setkey function where it incorrectly uses the CRYPTO ALG ASYNC mask when allocating a temporary ahash transform. Because EIP93 hash algorithms are...

5.8AI score0.00166EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in node-minimist

Minimist =1.2.5 is vulnerable to Prototype Pollution through the file index.js, the function setKey lines 69-95...

9.8CVSS6.9AI score0.04581EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000663 advisory. crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is...

5.5CVSS6.5AI score0.00504EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002450 advisory. crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is...

5.5CVSS6.5AI score0.00504EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-1589

Malicious code in bioql PyPI...

9.8CVSS7AI score0.04581EPSS
Exploits1References37
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-44906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906 Note that Nessus relies on the presence of t...

9.8CVSS7AI score0.04581EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/01/29 8:0 a.m.6 views

smb: client: fix NULL ptr deref in crypto_aead_setkey()

...

7.8CVSS6.9AI score0.00171EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/12/28 3:50 a.m.4 views

SUSE CVE-2024-53185

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

5.5CVSS7.7AI score0.00171EPSS
Exploits0References15
OSV
OSV
added 2024/12/27 2:15 p.m.10 views

AZL-54824 CVE-2024-53185 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

5.5CVSS6.6AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:15 p.m.2 views

DEBIAN-CVE-2024-53185

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

5.5CVSS5.7AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:15 p.m.1 views

UBUNTU-CVE-2024-53185

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

7.8CVSS6.2AI score0.00171EPSS
Exploits0References13
Redos
Redos
added 2024/05/07 12:0 a.m.28 views

ROS-20240507-05

Vulnerability of setKey function of minimist command line argument parsing library is related to uncontrolled change of object prototype attributes. Exploitation of the vulnerability could allow an attacker to implement a "prototype pollution" attack...

9.8CVSS6.9AI score0.04581EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/02/25 12:0 a.m.10 views

The vulnerability of the setKey() function in the minimist library, which allows a hacker to execute a “ prototype pollution ” attack.

The vulnerability of the setKey function in the minimist library relates to the uncontrolled modification of object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute a “prototype pollution” attack...

10CVSS7.1AI score0.04581EPSS
Exploits1References11Affected Software29
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.4 views

SUSE CVE-2015-8970

crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...

5.5CVSS7.2AI score0.00504EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.6 views

SUSE CVE-2017-9211

The cryptoskcipherinittfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service NULL pointer dereference via a crafted application...

5.5CVSS7.1AI score0.0039EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.5 views

SUSE CVE-2021-44906

Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95...

5.6CVSS7.1AI score0.04581EPSS
Exploits1References13
Rows per page
Query Builder