13 matches found
Fedora 42 : rnp (2025-7bef956026)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7bef956026 advisory. Version 0.18.1 Security Fixed critical issue where PKESK public-key encrypted session keys were generated as all-zero, allowing trivial decryption o...
Fedora 43 : rnp (2025-a96ccc98ca)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a96ccc98ca advisory. Version 0.18.1 Security Fixed critical issue where PKESK public-key encrypted session keys were generated as all-zero, allowing trivial decryption o...
OPENSUSE-SU-2025:20116-1 Security update for rnp
This update for rnp fixes the following issues: - update to 0.18.1: CVE-2025-13470: PKESK public-key encrypted session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only boo1253957, CVE-2025-13402...
CVE-2025-13470
creationtimestamp| type| source ---|---|--- 2025-11-21 19:42:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m66247hppf2n...
DEBIAN-CVE-2025-13470
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
CVE-2025-13470
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
CVE-2025-13470 RNP 0.18.0 Vulnerable PKESK session keys
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
CVE-2024-13470
creationtimestamp| type| source ---|---|--- 2025-01-30 07:26:06+00:00| seen| https://infosec.exchange/users/cve/statuses/113916114728274376 2025-01-30 08:15:57+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgx26d563n2r 2025-01-30 10:04:59+00:00| seen|...
CVE-2020-13470
CVE-2020-13470 affects Gigadevice GD32F103 and GD32F130 microcontrollers. The root cause is physical access enabling probing of bonding wires to de-obfuscate and extract data, with potential high integrity impact and no public remediation details in the provided documents. Monitor for vendor advi...
CVE-2019-13470
CVE-2019-13470 affects MatrixSSL prior to 4.2.1. It is an out-of-bounds read during ASN.1 handling, with network-based exploitation, no authentication, and high impact to confidentiality, integrity, and availability. Remediation: upgrade to MatrixSSL 4.2.1 or apply vendor patch as available.
CVE-2019-13470
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling...
CVE-2018-13470
The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13470
The CVE-2018-13470 entry concerns an integer overflow in the mintToken function of a BuyerToken smart contract (an Ethereum token). The vulnerability allows the contract owner to set an arbitrary user’s balance to any value, as described in multiple sources (e.g., NVD/CNVD/CVE records) and linked...