Lucene search
K

192 matches found

NVD
NVD
added 2026/03/20 3:16 a.m.8 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS0.00374EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 3:16 a.m.4 views

DEBIAN-CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

5.9CVSS5.7AI score0.00374EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 2:48 a.m.3 views

CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS6.2AI score0.00374EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:48 a.m.11 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 2:48 a.m.5 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0
Apache Tomcat
Apache Tomcat
added 2026/03/20 12:0 a.m.10 views

Fixed in Apache Tomcat 9.0.116

Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 95f77782. This issue was reported to the Tomcat security team o...

9.1CVSS6.7AI score0.0504EPSS
Exploits3Affected Software1
EUVD
EUVD
added 2026/02/27 9:30 a.m.5 views

EUVD-2026-9008

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

6.5CVSS5.9AI score0.00199EPSS
Exploits0References7
NVD
NVD
added 2026/02/27 9:16 a.m.9 views

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

9.1CVSS0.00199EPSS
Exploits0References6
OSV
OSV
added 2026/02/27 9:16 a.m.6 views

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

9.1CVSS5.8AI score0.00199EPSS
Exploits0References6
CVE
CVE
added 2026/02/27 8:40 a.m.21 views

CVE-2026-1626

The vulnerability CVE-2026-1626 affects SICK LMS1000 and SICK MRS1000 devices, where the SSH service may accept weak CBC-based cipher suites. This could allow an attacker with network access to observe or manipulate portions of SSH communications. Red Hat and other sources corroborate a CBC-relat...

9.1CVSS5.9AI score0.00199EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/02/27 8:40 a.m.24 views

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

6.5CVSS0.00199EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.7 views

MiracleLinux 3 : openssh-4.3p2-29.2AXS3 (AXSA:2009-395:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-395:02 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure...

3.7CVSS6.9AI score0.15395EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/13 7:17 p.m.4 views

EUVD-2026-2022

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

8.7CVSS6.3AI score0.00172EPSS
Exploits0References7
CVE
CVE
added 2026/01/13 7:17 p.m.14 views

CVE-2025-68931

Jervis (net.gleske:jervis) before version 2.2 uses AES/CBC/PKCS5Padding without authentication, making it susceptible to padding oracle attacks and ciphertext manipulation. The issue is fixed in Jervis 2.2 by migrating to AES/GCM/NoPadding. Affected products: Jervis library for Job DSL plugin scr...

8.7CVSS6.4AI score0.00172EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:56 p.m.10 views

Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

8.7CVSS6.9AI score0.00172EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

Jervis 加密问题漏洞

Jervis is an automation tool from the personal developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padded predicate attacks and ciphertext manipulati...

8.7CVSS5.8AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2025/11/21 3:59 p.m.6 views

JLSEC-2025-233 Padding oracle through timing of cipher error reporting

Vulnerability In symmetric encryption modes that involve padding, if an attacker can submit ciphertexts for decryption and learn whether the padding is valid, this provides partial information about the plaintext. If the attacker can also submit input that the victim encrypts together with a...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2025/11/21 3:59 p.m.5 views

JLSEC-2025-202 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware M...

A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

5.5CVSS7.3AI score0.00368EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.6 views

Siemens RUGGEDCOM ROS Devices Use of a Broken or Risky Cryptographic Algorithm (CVE-2025-41223)

The affected devices support the TLSECDHEECDSAWITHAES128CBCSHA256 cipher suite, which uses CBC Cipher Block Chaining mode that is known to be vulnerable to timing attacks. This could allow an attacker to compromise the integrity and confidentiality of encrypted communications. This plugin only...

8.8CVSS5.4AI score0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-1066

Malware in sbrugna...

5CVSS5.8AI score0.03211EPSS
Exploits0References5
Rows per page
Query Builder