CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

305 matches found

UbuntuCve•added 2024/01/31 5:15 a.m.•19 views

CVE-2024-0914

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS6.1AI score0.00422EPSS

Exploits0References4

OSV•added 2024/01/31 5:15 a.m.•0 views

UBUNTU-CVE-2024-0914

5.9CVSS5.7AI score0.00422EPSS

Exploits0References5

Vulnrichment•added 2024/01/31 4:53 a.m.•25 views

CVE-2024-0914 Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

5.9CVSS6.4AI score0.00422EPSS

Exploits0References8

Cvelist•added 2024/01/31 4:53 a.m.•15 views

CVE-2024-0914 Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

5.9CVSS5.7AI score0.00422EPSS

Exploits0References8

CVE•added 2024/01/31 4:53 a.m.•215 views

CVE-2024-0914

The CVE-2024-0914 issue affects the opencryptoki package and arises from a timing side-channel while processing RSA PKCS#1 v1.5 padded ciphertexts, enabling potential unauthorized RSA ciphertext decryption or signing without the private key. Connected advisories show OpenCryptoki is affected in v...

5.9CVSS5.3AI score0.00422EPSS

Exploits0References8Affected Software1

Debian CVE•added 2024/01/31 4:53 a.m.•13 views

CVE-2024-0914

5.9CVSS5.5AI score0.00422EPSS

Exploits0

SUSE CVE•added 2024/01/27 2:53 a.m.•1 views

SUSE CVE-2024-0914

5.9CVSS6.8AI score0.00422EPSS

Exploits0References5

RedhatCVE•added 2024/01/25 10:49 p.m.•20 views

CVE-2024-0914

5.9CVSS6.6AI score0.00422EPSS

Exploits0References4

Positive Technologies•added 2024/01/25 12:0 a.m.•1 views

PT-2024-2721 · Unknown +8 · Opencryptoki +8

Name of the Vulnerable Software and Affected Versions: opencryptoki affected versions not specified Description: A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized...

5.9CVSS6.3AI score0.00422EPSS

Exploits0References68

CNNVD•added 2024/01/25 12:0 a.m.•2 views

openCryptoki Security Vulnerability

openCryptoki is openCryptoki open source a PKCS11 library and tool for Linux. A security vulnerability exists in openCryptoki that stems from the discovery of a timing side channel vulnerability when processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could also lead to unauthorized decryptio...

5.9CVSS6.6AI score0.00422EPSS

Exploits0References5

CBLMariner•added 2023/09/28 11:57 a.m.•21 views

CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1

CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.5AI score0.00154EPSS

Exploits0

Rockylinux•added 2023/05/18 7:17 p.m.•10 views

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

6.6AI score

Exploits0

SUSE CVE•added 2023/02/15 5:44 a.m.•2 views

SUSE CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

2.9CVSS6.7AI score0.00655EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:44 a.m.•1 views

SUSE CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

6.2CVSS6.7AI score0.00024EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 3:48 a.m.•2 views

SUSE CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

5.5CVSS8.8AI score0.00154EPSS

Exploits0References3

Rockylinux•added 2023/01/23 2:30 p.m.•13 views

opencryptoki bug fix update

An update is available for opencryptoki. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

0.6AI score

Exploits0

Rockylinux•added 2023/01/12 8:25 a.m.•17 views

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

0.5AI score

Exploits0

Rockylinux•added 2022/11/08 6:27 a.m.•8 views

opencryptoki bug fix and enhancement update

1.8AI score

Exploits0

Rockylinux•added 2022/11/02 1:51 p.m.•12 views

opencryptoki bug fix and enhancement update

0.5AI score

Exploits0

Rockylinux•added 2022/09/13 7:37 a.m.•9 views

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

0.5AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by