Lucene search
+L

11 matches found

redhat
redhat
added 3 days ago5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
redhat
redhat
added 3 days ago3 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6AI score0.00805EPSS
Exploits0References10
euvd
euvd
added 2026/01/13 7:16 p.m.9 views

EUVD-2026-2028

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.3AI score0.00128EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/09/24 12:0 a.m.4 views

Qualcomm Chipsets 加密问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A cryptographic issue vulnerability exists in Qualcomm Chipsets that stems from a cryptographic issue when performing RSA PKCS padding decoding...

7.1CVSS6.6AI score0.0008EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/08/29 9:19 a.m.3 views

CVE-2025-9071 Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto

Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated...

2.3CVSS6.2AI score0.00163EPSS
Exploits0References1
osv
osv
added 2025/07/03 1:56 p.m.9 views

CLSA-2025-1751551010 Update of nss

Allow RSA-OAEP in FIPS mode...

5.8AI score
Exploits0References1
redhat
redhat
added 2024/08/15 8:7 p.m.6 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
redhat
redhat
added 2024/08/08 5:23 p.m.3 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
redhat
redhat
added 2024/08/08 5:22 p.m.12 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
osv
osv
added 2024/01/12 11:6 a.m.3 views

OESA-2024-1053 python-pycryptodomex security update

PyCryptodome is a self-contained Python package of low-level cryptographic primitives. Security Fixes: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.CVE-2023-52323...

5.9CVSS7AI score0.00618EPSS
Exploits0References2
susecve
susecve
added 2024/01/06 2:45 a.m.4 views

SUSE CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

5.9CVSS5.8AI score0.00618EPSS
Exploits0References9
Rows per page
Query Builder