Lucene search
K

1336 matches found

RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.12 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 6:10 a.m.3 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to an integer overflow in the wcCmacUpdate function. An attacker can generate forged CMAC tags by exploiting the wraparound of the totalSz variable after processing 4 GiB of data, which causes the...

8.2CVSS5.9AI score0.0042EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 12:30 a.m.6 views

EUVD-2026-21235

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.9AI score0.00111EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/09 11:17 p.m.7 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 11:17 p.m.11 views

UBUNTU-CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 10:33 p.m.29 views

CVE-2026-5504

CVE-2026-5504 affects wolfSSL’s PKCS7 CBC decryption. A padding oracle could enable plaintext recovery via repeated decryption queries with modified ciphertext; earlier wolfSSL versions did not validate interior padding bytes. The Connected documents confirm this is a padding oracle vulnerability...

6.3CVSS5.9AI score0.00111EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/04/09 10:33 p.m.5 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.3AI score0.00111EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

wolfSSL(CyaSSL) 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from the padding used in PKCS7 CBC decryption. This vulnerability could allo...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/02 5:58 a.m.4 views

CVE-2025-66442

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability is a compiler-induced timing side channel that occurs when the LLVM compiler's select-optimize feature is enabled. A remote attacker could potentially exploit this timing difference during RSA and CBC/ECB decryption operations to...

5.9CVSS5.8AI score0.0027EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/01 9:30 p.m.6 views

EUVD-2025-209171

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.9AI score0.0027EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 8:16 p.m.4 views

DEBIAN-CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.2AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 8:16 p.m.5 views

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS0.0027EPSS
Exploits0References4
OSV
OSV
added 2026/04/01 8:16 p.m.6 views

UBUNTU-CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.8AI score0.0027EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/01 8:16 p.m.4 views

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.9AI score0.0027EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.23 views

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.3 views

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.9AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 4.0.0 and earlier, as well as TF-PSA-Crypto versions 1.0.0 and earlier, have security vulnerabilities. These vulnerabilities stem from compiler-induced timing side...

5.1CVSS5.8AI score0.0027EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 12:0 a.m.25 views

CVE-2025-66442

CVE-2025-66442 affects Mbed TLS up to 4.0.0 and TF-PSA-Crypto up to 1.0.0. The issue is a compiler-induced timing side channel in RSA and CBC/ECB decryption that occurs specifically with LLVM’s select-optimize feature. The CVSSv3.1 metrics describe a local attack with high complexity, no privileg...

5.1CVSS5.9AI score0.0027EPSS
Exploits0References4Affected Software2
Debian CVE
Debian CVE
added 2026/04/01 12:0 a.m.3 views

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.2AI score0.0027EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.7 views

Debian dla-4518 : php-seclib - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4518 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected]...

8.2CVSS6AI score0.00376EPSS
Exploits1References6
Rows per page
Query Builder