Lucene search
K

167 matches found

OSV
OSV
added 2025/05/06 3:10 a.m.4 views

USN-7480-1 openjdk-8 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An...

7.4CVSS6.9AI score0.0073EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2025/05/06 3:10 a.m.53 views

USN-7480-1: OpenJDK 8 vulnerabilities

Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An...

7.4CVSS6.9AI score0.0073EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.12 views

Ubuntu 24.10 / 25.04 : OpenJDK 24 vulnerabilities (USN-7484-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7484-1 advisory. Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain...

7.4CVSS6.9AI score0.0073EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-3296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style...

5.9CVSS6.2AI score0.00415EPSS
Exploits0References2
OSV
OSV
added 2025/03/12 5:37 a.m.12 views

USN-7346-1 opensc vulnerabilities

It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...

7.1CVSS7.3AI score0.02675EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2025/02/05 7:51 p.m.9 views

CVE-2022-40722

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7CVSS6.8AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2024/11/21 1:52 p.m.14 views

CLSA-2024-1732197150 Fix of 20 CVEs

Update to 8u432-ga fixing a number of CVEs - CVE-2024-20918: missing array range check in C1 compiler leads to out-of-bounds access - CVE-2024-20919: unverified bytecode execution because of the flaw in JVM class file verifier - CVE-2024-20921: optimization issue of loop range check in IfNode and...

7.4CVSS7.2AI score0.01361EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/07/25 7:26 p.m.9 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.5 views

Opensc: side-channel leaks while stripping encryption pkcs#1 padding

...

5.9CVSS6.5AI score0.01156EPSS
Exploits1
Ubuntu
Ubuntu
added 2024/05/23 9:27 a.m.21 views

USN-6663-3: OpenSSL update

USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS1 v1.5 RSA to...

5.4AI score
Exploits0References1
OSV
OSV
added 2024/04/25 5:15 p.m.9 views

UBUNTU-CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.8AI score0.00516EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/04/23 2:14 p.m.3 views

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/25 8:29 p.m.2 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/25 6:35 p.m.7 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.2AI score0.00918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/25 6:14 p.m.11 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.2AI score0.00918EPSS
Exploits0References5
OSV
OSV
added 2024/03/18 4:6 a.m.5 views

USN-6696-1 openjdk-8 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

7.4CVSS7.1AI score0.01026EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2024/03/18 4:6 a.m.80 views

USN-6696-1: OpenJDK 8 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

7.4CVSS7.2AI score0.01026EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/03/18 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-6696-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.2AI score0.01026EPSS
Exploits0References2
Mageia
Mageia
added 2024/03/15 2:49 a.m.92 views

Updated java 1.8.0, 11 & latest packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20918 RSA padding issue and timing side-channel attack against TLS. CVE-2024-20952 Arbitrary Java code execution in Nashorn. CVE-2024-20926 JVM class file verifier fla...

7.4CVSS7.8AI score0.01026EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/15 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2024-0061)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.1AI score0.01026EPSS
Exploits0References6
Rows per page
Query Builder