9 matches found
EUVD-2026-2028
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
Qualcomm Chipsets 加密问题漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A cryptographic issue vulnerability exists in Qualcomm Chipsets that stems from a cryptographic issue when performing RSA PKCS padding decoding...
CVE-2025-9071 Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto
Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated...
CLSA-2025-1751551010 Update of nss
Allow RSA-OAEP in FIPS mode...
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...
OESA-2024-1053 python-pycryptodomex security update
PyCryptodome is a self-contained Python package of low-level cryptographic primitives. Security Fixes: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.CVE-2023-52323...
SUSE CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...