CVE-2026-3336
This CVE affects AWS-LC: improper certificate validation in PKCS7_verify() can bypass certificate chain verification for PKCS7 objects with multiple signers (excluding the final signer). Impact is high (integrity risk) with network attack potential. AWS customers are not required to act, but appl...
CVE-2026-3337
CVE-2026-3337 documents a timing side-channel in AES-CCM decryption within AWS-LC affecting EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. An unauthenticated user could potentially determine authentication tag validity via timing analysis. The impact and remediation are described by the a...
CVE-2026-3338
The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...