Lucene search
K

65 matches found

Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.11 views

PT-2025-47653

Name of the Vulnerable Software and Affected Versions hpke-js versions prior to 1.7.5 Description The software contains a race condition in the public SenderContext Seal API. This allows the reuse of the same AEAD nonce for multiple Seal calls, potentially leading to a complete loss of...

9.1CVSS6.5AI score0.00193EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.6 views

Separating Pseudorandom Generators from Logarithmic Pseudorandom States

Pseudorandom generators PRGs are a foundational primitive in classical cryptography, underpinning a wide range of constructions. In the quantum setting, pseudorandom quantum states PRSs were proposed as a potentially weaker assumption that might serve as a substitute for PRGs in cryptographic...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/22 12:0 a.m.4 views

Quantum Public Key Encryption for NISQ Devices

Quantum public-key encryption PKE, where public-keys and/or ciphertexts can be quantum states, is an important primitive in quantum cryptography. Unlike classical PKE e.g., RSA or ECC, quantum PKE can leverage quantum-secure cryptographic assumptions or the principles of quantum mechanics for...

6.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2025/08/07 3:38 a.m.2 views

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

5.9CVSS9.8AI score0.01114EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2025/07/10 12:0 a.m.3 views

LINE: Public-Key Encryption

We propose a public key encryption cryptosystem based on solutions of linear equation systems with predefinition of input parameters through shared secret computation for factorizable substitutions. The existence of multiple equivalent solutions for an underdetermined system of linear equations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/21 12:0 a.m.5 views

Anamorphic Cryptography with Elliptic Curve Methods

In 2022, Persianom, Phan and Yung outlined the creation of Anamorphic Cryptography. With this, we can create a public key to encrypt data, and then have two secret keys. These secret keys are used to decrypt the cipher into different messages. So, one secret key is given to the Dictator who must ...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.9 views

The vulnerability of the IBM Robotic Process Automation software lies in its use of the RSA algorithm without the OAEP algorithm. This allows a perpetrator to disclose the protected information.

The vulnerability of the IBM Robotic Process Automation software lies in the use of the RSA algorithm instead of the OAEP algorithm. Exploiting this vulnerability allows a remote attacker to disclose the protected information...

5.9CVSS5.5AI score0.00274EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/24 11:8 a.m.3 views

OESA-2024-1639 iperf3 security update

Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. Security Fixes: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a...

5.9CVSS6.8AI score0.01107EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/05/22 11:45 a.m.2 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/04/30 10:27 a.m.3 views

golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...

7.5CVSS7.3AI score0.0125EPSS
Exploits0References5
OSV
OSV
added 2024/04/25 5:15 p.m.6 views

AZL-44739 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.33-1

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.2AI score0.00516EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/16 5:28 p.m.1 views

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:15 p.m.2 views

DEBIAN-CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS6.2AI score0.01114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.4 views

PT-2024-15383

Name of the Vulnerable Software and Affected Versions cryptlib affected versions not specified Description A security issue has been identified in the cryptlib cryptographic library when it is compiled with support for RSA key exchange ciphersuites in TLS. This makes it vulnerable to the timing...

5.9CVSS6.2AI score0.00311EPSS
Exploits0References6
OSV
OSV
added 2023/02/15 6:15 p.m.1 views

ALPINE-CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

7.4CVSS6.8AI score0.01403EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.2 views

SUSE CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

5.3CVSS6.6AI score0.03838EPSS
Exploits0References55
OSV
OSV
added 2022/08/20 8:15 p.m.4 views

DEBIAN-CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...

7.5CVSS7.3AI score0.00291EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2022/07/06 4:49 p.m.18 views

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

NISTs post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption key...

1.2AI score
Exploits0
NVD
NVD
added 2017/12/27 5:8 p.m.17 views

CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...

5.9CVSS5.6AI score0.01119EPSS
Exploits0References5
CNVD
CNVD
added 2017/12/25 12:0 a.m.2 views

Enigmail Information Disclosure Vulnerability (CNVD-2018-00135)

Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. An information disclosure vulnerability exists in versions of Enigmail prior to 1.9.9. An attacker can exploit th...

7.5CVSS6.1AI score0.01608EPSS
Exploits0References1
Rows per page
Query Builder