Lucene search
K

20 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
OSV
OSV
added 2026/06/17 10:1 p.m.2 views

CVE-2026-50268 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS5.9AI score0.00046EPSS
Exploits0References4
Fedora
Fedora
added 2026/05/21 12:57 a.m.14 views

[SECURITY] Fedora 44 Update: opencryptoki-3.26.0-3.fc44

Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...

6.8CVSS5.8AI score0.00162EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/19 8:4 p.m.14 views

Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...

9.1CVSS5.9AI score0.0026EPSS
Exploits0References9Affected Software2
Fedora
Fedora
added 2026/02/12 12:53 a.m.7 views

[SECURITY] Fedora 43 Update: p11-kit-0.26.2-1.fc43

p11-kit provides a way to load and enumerate PKCS11 modules, as well as a standard configuration setup for installing PKCS11 modules in such a way that they're discoverable...

7.5CVSS5.5AI score0.0116EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.24 views

Linux Distros Unpatched Vulnerability : CVE-2023-38408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded...

9.8CVSS7.6AI score0.76768EPSS
Exploits10References2
OSV
OSV
added 2025/08/14 10:9 a.m.4 views

SUSE-SU-2025:20593-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262...

7.5CVSS6.9AI score0.01118EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...

4.3CVSS6.8AI score0.003EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, causing the system to send a specially crafted response to APDUs. The following issues were caused by insufficient control over the...

3.9CVSS6.8AI score0.00355EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/06 4:28 p.m.2 views

Astra Linux - уязвимость в python-cryptography

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

5.9CVSS7AI score0.02454EPSS
Exploits0References2
OSV
OSV
added 2024/11/26 2:15 p.m.6 views

CVE-2024-11705

NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...

9.1CVSS5.7AI score0.00659EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/08/08 5:22 p.m.9 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/25 9:45 a.m.3 views

gnutls: timing side-channel in the RSA-PSK authentication

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.7AI score0.01257EPSS
Exploits0References5
OSV
OSV
added 2023/12/12 5:15 p.m.2 views

DEBIAN-CVE-2023-4421

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

6.5CVSS6.5AI score0.00628EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/20 12:0 a.m.6 views

The vulnerability of the PKCS#1 v1.5 standard implementation in the NSS (Network Security Services) library allows attackers to execute the Bleichenbacher attack or the Marvin attack.

The vulnerability of the PKCS1 v1.5 standard implemented by the NSS Network Security Services library is related to insufficient protection of service data due to timing discrepancies. Exploiting this vulnerability allows a remote attacker to execute the Bleichenbacher attack or the Marvin attack...

7.8CVSS6.9AI score0.00628EPSS
Exploits0References6Affected Software3
VulnCheck KEV
VulnCheck KEV
added 2023/07/26 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists...

9.8CVSS7.5AI score0.76768EPSS
Exploits10References1
Microsoft CVE
Microsoft CVE
added 2021/01/20 8:0 a.m.3 views

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API via timed processing of valid PKCS#1 v1.5 ciphertext.

...

5.9CVSS7AI score0.02454EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2018/09/05 1:29 p.m.3 views

CVE-2018-9194

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used...

5.9CVSS5.4AI score0.01134EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2017/07/20 3:59 p.m.6 views

OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)

A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...

5.9CVSS7.3AI score0.02598EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.8 views

jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key

A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...

5.9CVSS6.5AI score0.01756EPSS
Exploits0References5
Rows per page
Query Builder