MiracleLinux 4 : openssl-1.0.0-20.AXS4.1 (AXSA:2012-76:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-76:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

CVE-2025-68931

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

CVE-2025-68931 Jervis has AES CBC Mode Without Authentication

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVE-2025-68931 Jervis has AES CBC Mode Without Authentication

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVE-2025-68931 Jervis has AES CBC Mode Without Authentication

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the AES/CBC/PKCS5Padding...

GHSA-GXP5-MV27-VJCJ Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

Jervis Has a RSA PKCS#1 Padding Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL463-L465...

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the PKCS1Encoding function. A...

MiracleLinux 7 : nettle-2.7.1-9.0.1.el7.AXS7 (AXSA:2025-10914:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10914:02 advisory. Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages C++, Python,...

PT-2026-2557

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

MiracleLinux 7 : openssl-1.0.2k-26.0.4.el7.AXS7 (AXSA:2025-10514:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10514:03 advisory. CVE-2019-1563: fix information disclosure in PKCS7dataDecode and CMSdecryptset1pkey CVEs: CVE-2019-1563 In situations where an attacker receives automated...

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

PT-2026-25780

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.9 Description Authlib, a Python library for building OAuth and OpenID Connect servers, contains a cryptographic padding oracle vulnerability in the implementation of the JSON Web Encryption JWE RSA1 5 key manageme...

JLSEC-2025-233 Padding oracle through timing of cipher error reporting

Vulnerability In symmetric encryption modes that involve padding, if an attacker can submit ciphertexts for decryption and learn whether the padding is valid, this provides partial information about the plaintext. If the attacker can also submit input that the victim encrypts together with a...

HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...

EUVD-2014-8562

Malware in sbrugna...