Lucene search
K

465 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-4421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as...

6.5CVSS7AI score0.00628EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/31 12:0 a.m.11 views

Amazon Linux 2 : perl-Crypt-OpenSSL-RSA (ALAS-2025-2942)

The version of perl-Crypt-OpenSSL-RSA installed on the remote host is prior to 0.28-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2942 advisory. A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover...

5.9CVSS6.1AI score0.00516EPSS
Exploits0References4
Amazon
Amazon
added 2025/07/30 12:0 a.m.7 views

Medium: perl-Crypt-OpenSSL-RSA

Issue Overview: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial...

5.9CVSS6.8AI score0.00516EPSS
Exploits0
OSV
OSV
added 2025/06/27 1:16 p.m.5 views

OESA-2025-1673 perl-Crypt-OpenSSL-RSA security update

encoding and decoding according to using the openSSL libraries Security Fixes: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an...

5.9CVSS6.8AI score0.00516EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.6 views

CVE-2020-20950

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable...

5.9CVSS6.8AI score0.00859EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.14 views

CVE-2020-20949

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube UM1924. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

5.9CVSS6.9AI score0.00919EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/04/02 3:14 p.m.11 views

libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS7.3AI score0.01114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/04/02 2:55 p.m.5 views

libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS7.3AI score0.01114EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-16869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attack...

5.7CVSS5.4AI score0.01495EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.19 views

RHEL 7 : erlang (RHSA-2018:0242)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0242 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

5.9CVSS6.6AI score0.22098EPSS
Exploits0References5
Amazon
Amazon
added 2024/10/14 12:0 a.m.15 views

Medium: libgcrypt

Issue Overview: A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. CVE-2024-2236 Affected Packages: libgcrypt Issue Correction: Run dnf...

5.9CVSS7.2AI score0.01114EPSS
Exploits0
Redos
Redos
added 2024/09/16 12:0 a.m.23 views

ROS-20240916-04

A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform is related to the following use of hidden side channels as a result of time discrepancy between decryption of valid and invalid encrypted texts based on the PKCS1 v1.5.5 cryptography...

7.4CVSS7.2AI score0.01302EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/07/25 12:0 a.m.10 views

The vulnerability of the perl-Crypt-OpenSSL-RSA package on Red Hat Enterprise Linux operating systems allows a attacker to execute the Bleichenbacher attack.

The vulnerability of the perl-Crypt-OpenSSL-RSA package in Red Hat Enterprise Linux operating systems is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow a remote attacker to execute a Bleichenbacher attack...

7.1CVSS6.3AI score0.00516EPSS
Exploits0References6Affected Software2
Redos
Redos
added 2024/07/17 12:0 a.m.26 views

ROS-20240717-05

A vulnerability in the implementation of PKCS1 v1.5, OAEP, and RSASVP standards in the NSS Network Security Services library set is associated with insufficient protection of service data due to time discrepancy. Exploitation of the vulnerability allows an attacker acting remotely to implement th...

6.5CVSS7.1AI score0.00816EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.32 views

OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

7.5CVSS8.2AI score0.06393EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.26 views

RHEL 3 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: SGC restart DoS attack CVE-2011-4619 - openssl: CMS and PKCS7 Bleichenbacher attack CVE-2012-088...

9.1CVSS8.3AI score0.16645EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.29 views

RHEL 8 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nss: Cache side-channel variant of the Bleichenbacher attack CVE-2018-12404 - nss: Information exposure...

6.5CVSS6.8AI score0.84424EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.33 views

RHEL 8 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nss: Cache side-channel variant of the Bleichenbacher attack CVE-2018-12404 - In Network Security Service...

6.5AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.20 views

RHEL 6 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant CVE-2018-10845 -...

7.9AI score0.03623EPSS
Exploits3References12
OSV
OSV
added 2024/05/06 1:5 p.m.55 views

RLSA-2024:1688 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

8.1CVSS7.4AI score0.03168EPSS
Exploits0References8
Rows per page
Query Builder