48 matches found
CVE-2020-4045
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...
CVE-2025-24461
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...
CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...
MGASA-2024-0152 Updated opencryptoki packages fix security vulnerability
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
Oracle Linux 8 : opencryptoki (ELSA-2024-1608)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1608 advisory. 3.21.0-10 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22791 Tenable has extracted the preceding description blo...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
AZL-36965 CVE-2024-0914 affecting package opencryptoki for versions less than 3.24.0-3
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
Design/Logic Flaw
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
CVE-2024-0914 Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
SUSE CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. Mitigation Mitigation...
openCryptoki Security Vulnerability
openCryptoki is openCryptoki open source a PKCS11 library and tool for Linux. A security vulnerability exists in openCryptoki that stems from the discovery of a timing side channel vulnerability when processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could also lead to unauthorized decryptio...
CVE-2023-3404
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...
Hardcoded credentials
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...
CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...
CVE-2023-3404
The CVE affects the ProfileGrid WordPress plugin up to version 5.5.0. The root cause is a hardcoded passphrase and IV in the pm_encrypt_decrypt_pass function, shared across sites. This allows an authenticated attacker with administrator-level permissions to decrypt and view users’ passwords. Impa...
CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...
Design/Logic Flaw
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...