183 matches found
Astra Linux - vulnerability in mbedtls
A vulnerability was discovered in Mbed TLS 2.x before version 2.28.7, and also in Mbed TLS 3.x before version 3.5.2. There was a timing-related side channel involved in RSA private operations. This side channel could allow a local attacker to recover the plaintext. To exploit this vulnerability,...
Astra Linux - vulnerability in nodejs
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a privat...
Astra Linux - vulnerability in php8.1, php7.3
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Astra Linux - vulnerability in ruby2.5
A vulnerability was discovered in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
MiracleLinux 8 : iperf3-3.5-10.el8_10 (AXSA:2024-8525:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8525:01 advisory. iperf3: possible denial of service (CVE-2023-7250). iperf3: vulnerable to Marvin Attack if the authentication option is used (CVE-2024-26306). Tenable has...
MiracleLinux 9 : iperf3-3.9-13.el9 (AXSA:2024-9259:02)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9259:02 advisory. iperf3: possible denial of service (CVE-2023-7250, ESNET-SECADV-2023-0002). iperf3: vulnerable to Marvin Attack if the authentication option is used...
MiracleLinux 9 : libgcrypt-1.10.0-11.el9 (AXSA:2024-9141:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9141:01 advisory. libgcrypt: vulnerable to Marvin Attack (CVE-2024-2236). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS1 v1.5 padding mode (Marvin Attack). CVE-2024-2467...
MGASA-2025-0287 Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS1 v1.5 padding mode (Marvin Attack). CVE-2024-2467...
EUVD-2024-27360
Malicious code in bioql PyPI...
EUVD-2023-50975
Malicious code in bioql PyPI...
EUVD-2023-59133
Malicious code in bioql PyPI...
EUVD-2025-1595
Malicious code in bioql PyPI...
BIT-LIBPHP-2024-2408 PHP is vulnerable to the Marvin Attack
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode (Marvin Attack) (bsc#1221446). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode (Marvin Attack) (bsc#1221446). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
iperf3 security update
An update is available for iperf3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Iperf is a tool which can measure maximum TCP bandwidth and tune various...
RLSA-2024:4241 Moderate: iperf3 security update
Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and datagram loss. Security Fixes: iperf3: possible denial of service (CVE-2023-7250). iperf3: vulnerable to Marvin Attack if the authentication option...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1440)
The remote host is missing an update for the Huawei EulerOS...
RockyLinux 8 : iperf3 (RLSA-2024:4241)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4241 advisory. iperf3: possible denial of service (CVE-2023-7250). iperf3: vulnerable to Marvin Attack if the authentication option is used (CVE-2024-26306). Tenable has...