8 matches found

Positive Technologies
added 2024/10/21 12:0 a.m. · 1 views

PT-2024-7941 · Botan +3

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.6.0
Description: The issue is related to a component of the Botan cryptographic library, specifically in lib/utils/ghash/ghash.cpp, where there is a potential information disclosure due to inconsistency. This could...

7.5 CVSS · 5.4 AI score · 0.00449 EPSS
Exploits 2 · References 40
Positive Technologies
added 2024/07/08 12:0 a.m. · 1 views

PT-2024-6617

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 2.19.5; Botan versions prior to 3.5.0
Description: A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the...

7.5 CVSS · 6.2 AI score · 0.00449 EPSS
Exploits 2 · References 44
Positive Technologies
added 2024/02/20 12:0 a.m. · 1 views

PT-2024-6085

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 2.19.4 and 3.3.0
Description: The issue is related to the parsing of X.509 certificates with explicit encoding of elliptic curve parameters. An attacker can present a certificate with very large parameters, causing...

7.8 CVSS · 7.1 AI score · 0.00449 EPSS
Exploits 2 · References 53
OSV
added 2022/11/23 8:37 a.m. · 8 views

OPENSUSE-SU-2022:10211-1 Security update for Botan

This update for Botan fixes the following issues:
- CVE-2022-43705: Fixed validation of embedded certificates when checking OCSP responses (boo#1205509)...

9.1 CVSS · 9.3 AI score · 0.00173 EPSS
Exploits 0 · References 3
OSV
added 2017/09/26 1:29 a.m. · 16 views

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

5.5 CVSS · 6.5 AI score
Exploits 0 · References 3
OSV
added 2017/05/16 11:18 a.m. · 5 views

SUSE-SU-2017:1305-1 Security update for Botan

This update for Botan fixes the following issues:
- CVE-2015-7827: PKCS #1 v1.5 decoding was not constant time, it could be used to mount a Bleichenbacher million-message attack (bsc#968030)
- CVE-2016-9132: While decoding BER length fields, an integer overflow could occur leading to a...

9.8 CVSS · 8.6 AI score · 0.00435 EPSS
Exploits 0 · References 5
OSV
added 2016/10/28 3:59 p.m. · 4 views

CVE-2016-8871

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could, given sufficient queries, be used to recover plaintext, aka an "OAEP side channel" attack...

6.2 CVSS · 6.7 AI score
Exploits 0 · References 2
OSV
added 2016/05/13 2:59 p.m. · 4 views

CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus...

7.5 CVSS · 8.2 AI score
Exploits 0 · References 5