
1038 matches found

NVD
added 2025/08/29 10:15 a.m. · 1 view

CVE-2025-7383

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9 · EPSS 0.00013
Exploits 0 · References 1

Vulnrichment
added 2025/08/29 9:19 a.m. · 1 view

CVE-2025-7383 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9 · AI score 6.3 · EPSS 0.00013
Exploits 0 · References 1

Cvelist
added 2025/08/29 9:18 a.m. · 4 views

CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9 · EPSS 0.00013
Exploits 0 · References 1

Positive Technologies
added 2025/08/29 12:00 a.m. · 3 views

PT-2025-35196

Name of the Vulnerable Software and Affected Versions: Oberon PSA Crypto library versions 1.0.0 through 1.5.0
Description: A padding oracle attack allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations.
Recommendations: Update to version 1.5.1 or late...

CVSS 5.9 · AI score 6.4 · EPSS 0.00013
Exploits 0 · References 5

Positive Technologies
added 2025/08/29 12:00 a.m. · 3 views

PT-2025-35195

Name of the Vulnerable Software and Affected Versions: ocrypto versions 3.1.0 through 3.9.1
Description: A padding oracle attack allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations.
Recommendations: Update to a version later than 3.9.1...

CVSS 5.9 · AI score 6.4 · EPSS 0.00013
Exploits 0 · References 5

CNNVD
added 2025/08/29 12:00 a.m. · 0 views

Oberon microsystem AG ocrypto library security vulnerability

Oberon microsystem AG ocrypto library is a cryptographic software library from the Swiss company Oberon. A security vulnerability exists in Oberon microsystem AG ocrypto library versions prior to 1.0.0 through 1.5.1, which stems from a padding predicate attack on the AES-CBC PKCS7 decryption...

CVSS 5.9 · AI score 6.7 · EPSS 0.00013
Exploits 0 · References 3

Tenable Nessus
added 2025/08/18 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environmen...

CVSS 5.9 · AI score 6.6 · EPSS 0.00802
Exploits 0 · References 2

RedhatCVE
added 2025/07/04 8:27 p.m. · 5 views

CVE-2025-34091

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...

CVSS 8.8 · AI score 5.6
Exploits 0 · References 1

NVD
added 2025/07/02 8:15 p.m. · 4 views

CVE-2025-34091

Rejected reason: Neither filed by Chrome nor a valid security vulnerability...

Exploits 0

Vulnrichment
added 2025/07/02 7:25 p.m. · 2 views

CVE-2025-34091 Chrome Cookie Encryption Bypass via Padding Oracle Attack on AppBound Encryption

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...

CVSS 8.8 · AI score 6.3
Exploits 0 · References 2

CVE
added 2025/07/02 7:25 p.m. · 17 views

CVE-2025-34091

CVE-2025-34091 describes a padding oracle vulnerability in Google Chrome’s AppBound cookie encryption, due to DPAPI decryption error reporting in Windows Event Logs. A local attacker can send malformed SYSTEM-DPAPI ciphertext to Chrome’s elevation service, distinguish padding vs MAC errors, and p...

CVSS 8.8 · AI score 5.8
Exploits 0

Cvelist
added 2025/07/02 7:25 p.m. · 4 views

CVE-2025-34091

...

Exploits 0

Positive Technologies
added 2025/07/02 12:00 a.m. · 3 views

PT-2025-27672 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified
Description: A padding oracle vulnerability exists in Google Chrome's AppBound cookie encryption mechanism. This issue arises due to observable decryption failure behavior in Windows Event Logs wh...

CVSS 8.8 · AI score 5.5
Exploits 0 · References 8

CNNVD
added 2025/06/17 12:00 a.m. · 1 view

conda-forge conda-smithy information disclosure vulnerability

conda-forge conda-smithy is a conda-forge open source tool for managing conda-forge raw materials. An information disclosure vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from the travisencryptbinstartoken implementation being at risk of an Oracle Padding...

CVSS 6.3 · AI score 5.9 · EPSS 0.002
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 8:06 a.m. · 6 views

CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

CVSS 5.3 · AI score 5 · EPSS 0.00216
Exploits 0

RedhatCVE
added 2025/05/23 4:35 a.m. · 8 views

CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0...

CVSS 7.5 · AI score 6.7 · EPSS 0.00107
Exploits 0

RedhatCVE
added 2025/05/22 9:24 p.m. · 5 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

CVSS 5.9 · AI score 6.8 · EPSS 0.00316
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:29 p.m. · 5 views

CVE-2021-29445

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVSS 5.9 · AI score 6.8 · EPSS 0.00394
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:29 p.m. · 4 views

CVE-2021-29446

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVSS 5.9 · AI score 6.8 · EPSS 0.00394
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:40 p.m. · 6 views

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVSS 6.5 · AI score 6.8 · EPSS 0.0027
Exploits 1 · References 1