Lucene search
K

16 matches found

NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:41 p.m.28 views

CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:41 p.m.15 views

CVE-2026-6291

CVE-2026-6291 affects wolfSSL (v4.0) and describes a Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption used for EnvelopedData. The vulnerability arises because error codes differed between RSA padding validation failure and malformed decrypted content, enabling an attacker t...

6.5CVSS5.9AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 4:41 p.m.6 views

EUVD-2026-39482

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:41 p.m.2 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 5:46 a.m.8 views

BIT-JRE-2024-47544 GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling

GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

7.5CVSS6.8AI score0.01051EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/16 8:53 p.m.6 views

Timing Attack

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Timing Attack via the unwrap length check in jwealgs.py. An attacker can recover the CEK and decrypt or forge JWE tokens by sending malformed RSA15 ciphertexts and...

8.3CVSS5.8AI score0.00142EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.9 views

Hemmelig 安全漏洞

Hemmelig is a content encryption software from Hemmelig Open Source. A security vulnerability exists in Hemmelig versions prior to 7.3.3 that stems from an SSRF filter bypass in Webhook URL validation, which could lead to server-side request forgery attacks...

4.3CVSS5.8AI score0.0019EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/05/13 8:36 a.m.5 views

gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling

A flaw was found in the GStreamer library. Multiple NULL pointer dereferences in the MP4/MOV demuxer's CENC handling can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash...

7.5CVSS5.7AI score0.01051EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2023/03/23 9:30 p.m.6 views

com.bpfaas:bps-config-server-spring-cloud-starter (>=0.0.1-RELEASE <=3.2.2), com.github.paulcwarren:spring-content-encryption (>=2.7.0 <=2.9.0) +138 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (>=1.0.0.RELEASE <=2.3.2)

org.springframework.vault:spring-vault-core MAVEN version =1.0.0.RELEASE, =0.0.1-RELEASE, =2.7.0, =0.8, =0.8, =0.8, =0.8, =2.4.0, =0.9.1, =0.9.12, =0.10.2, =1.1.6, =1.2.16 and more Source cves: CVE-2023-20859 Source advisory: OSV:GHSA-R47R-87P9-8JH3...

5.5CVSS6.4AI score0.00223EPSS
Exploits0
CNVD
CNVD
added 2021/10/09 12:0 a.m.14 views

Bosch Rexroth IndraMotion Mlc has an unspecified vulnerability

Bosch Rexroth IndraMotion Mlc is a new device that combines motion and logic control, as well as robotics control.A security vulnerability exists in Bosch Rexroth IndraMotion Mlc, which stems from a network system or product that does not properly use the relevant cryptographic algorithms, and...

8.6CVSS1.4AI score0.00582EPSS
Exploits0References1
Into the symmetry
Into the symmetry
added 2017/03/13 6:44 p.m.94 views

Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516

tl;dr if you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4j with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption JWE hence many software libraries implementing this specification used to suffer from a classic Invalid Curve Attack. This would allow a...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/05/12 12:0 a.m.5 views

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of the stagefright::SampleTable::parseSampleCencInfo function in the libstagefright component of Firefox and Firefox ESR browsers is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating CENC...

6.8CVSS8.3AI score0.0378EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2016/04/30 5:59 p.m.3 views

DEBIAN-CVE-2016-2814

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to...

8.8CVSS8.2AI score0.0378EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/28 12:0 a.m.3 views

Mozilla Firefox and Firefox ESR libstagefright buffer overflow vulnerability

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open-source web browser; Firefox ESR is an extended-support version of Firefox. libstagefright is one of the hard-coding support libraries. A buffer overflow vulnerability exist...

8.8CVSS9AI score0.0378EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/04/26 7:44 p.m.4 views

Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to...

8.8CVSS8AI score0.0378EPSS
Exploits0References5
Rows per page
Query Builder