CVE-2023-26084

LOW Year: 2023
CVSS v3 Score
3.7
Low
Weakness Type
CWE-665
View all →

Vulnerability Description

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

Related Vulnerabilities

CVE-2019-19411

LOW
CVSS:3.7(Low)

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper pro...

CWE-6652019

CVE-2024-25563

MEDIUM
CVSS:3.4(Low)

Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosu...

CWE-6652024

CVE-2025-21100

MEDIUM
CVSS:4.1(Medium)

Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.

CWE-6652025

CVE-2018-0853

LOW
CVSS:3.3(Low)

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office in...

CWE-6652018

CVE-2019-15875

LOW
CVSS:3.3(Low)

In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect ...

CWE-6652019

CVE-2019-19126

LOW
CVSS:3.3(Low)

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing l...

CWE-6652019