Astra Linux - уязвимость в openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

WordPress plugin Migration, Backup, Staging – WPvivid Backup & Migration 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

SUSE SLES12 Security Update : libgcrypt (SUSE-SU-2025:02756-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02756-1 advisory. - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Tenable has extracted the...

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

DEBIAN-CVE-2023-5388

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

IBM Global Security Kit 安全漏洞

IBM Global Security Kit is a library and utility program for SSL or TLS communications from International Business Machines IBM. The IBM Global Security Kit suffers from a cryptographic issue vulnerability that stems from a time-based side-channel in the RSA decryption implementation, which could...

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

SUSE CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

AZL-6741 CVE-2021-3580 affecting package nettle for versions less than 3.7.3-1

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...