Lucene search
K

48 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:56 p.m.19 views

CVE-2020-4045

SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...

7.5CVSS6.2AI score0.01292EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/21 5:23 p.m.10 views

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...

6.5CVSS7.2AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/04 1:51 a.m.13 views

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

7AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2024/04/27 6:26 a.m.6 views

MGASA-2024-0152 Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

5.9CVSS5.5AI score0.00878EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/04/16 5:28 p.m.1 views

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.24 views

Oracle Linux 8 : opencryptoki (ELSA-2024-1608)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1608 advisory. 3.21.0-10 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22791 Tenable has extracted the preceding description blo...

5.9CVSS5.9AI score0.00878EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/07 8:44 p.m.3 views

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References5
NVD
NVD
added 2024/01/31 5:15 a.m.28 views

CVE-2024-0914

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.4AI score0.00878EPSS
Exploits0References8
OSV
OSV
added 2024/01/31 5:15 a.m.6 views

AZL-36965 CVE-2024-0914 affecting package opencryptoki for versions less than 3.24.0-3

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References1
Prion
Prion
added 2024/01/31 5:15 a.m.14 views

Design/Logic Flaw

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

2.6CVSS6.9AI score0.00878EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2024/01/31 4:53 a.m.7 views

CVE-2024-0914 Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS6.2AI score0.00878EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2024/01/27 2:53 a.m.4 views

SUSE CVE-2024-0914

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS6.8AI score0.00878EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/01/25 10:49 p.m.24 views

CVE-2024-0914

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. Mitigation Mitigation...

5.9CVSS6.6AI score0.00878EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/25 12:0 a.m.5 views

openCryptoki Security Vulnerability

openCryptoki is openCryptoki open source a PKCS11 library and tool for Linux. A security vulnerability exists in openCryptoki that stems from the discovery of a timing side channel vulnerability when processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could also lead to unauthorized decryptio...

5.9CVSS6.6AI score0.00878EPSS
Exploits0References5
NVD
NVD
added 2023/08/31 6:15 a.m.17 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS4.8AI score0.0056EPSS
Exploits0References3
Prion
Prion
added 2023/08/31 6:15 a.m.22 views

Hardcoded credentials

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

3.3CVSS4.8AI score0.0056EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/08/31 5:33 a.m.21 views

CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS5.1AI score0.0056EPSS
Exploits0References3
CVE
CVE
added 2023/08/31 5:33 a.m.59 views

CVE-2023-3404

The CVE affects the ProfileGrid WordPress plugin up to version 5.5.0. The root cause is a hardcoded passphrase and IV in the pm_encrypt_decrypt_pass function, shared across sites. This allows an authenticated attacker with administrator-level permissions to decrypt and view users’ passwords. Impa...

4.9CVSS4.8AI score0.0056EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/31 5:33 a.m.8 views

CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS6.6AI score0.0056EPSS
Exploits0References3
Prion
Prion
added 2023/05/11 7:15 p.m.19 views

Design/Logic Flaw

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

5CVSS7.5AI score0.00666EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder