Lucene search
K

1334 matches found

Debian
Debian
added 2026/03/29 7:2 p.m.6 views

[SECURITY] [DSA 6186-1] php-phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.9AI score0.00376EPSS
Exploits1
Debian
Debian
added 2026/03/29 6:54 p.m.7 views

[SECURITY] [DSA 6185-1] phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.9AI score0.00376EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.4 views

Debian dsa-6187 : php-phpseclib3 - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6187 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected]...

8.2CVSS6AI score0.00376EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.10 views

Debian dsa-6185 : php-seclib - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6185 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected]...

8.2CVSS5.9AI score0.00376EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.3 views

Debian dsa-6186 : php-phpseclib - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6186 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected]...

8.2CVSS5.9AI score0.00376EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/03/27 9:16 p.m.5 views

CVE-2019-25651 Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

9CVSS5.8AI score0.0008EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 6:39 p.m.4 views

GO-2026-4760 CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2

CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-32935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to...

8.2CVSS5.4AI score0.00374EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 4:38 a.m.4 views

Timing Attack

Overview phpseclib/phpseclib is a PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. Affected versions of this package are vulnerable to Timing Attack via the AES algorithm in CBC mode. An attacker can recover sensitive information by exploiting timin...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 3:16 a.m.2 views

UBUNTU-CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 2:48 a.m.3 views

CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 2:48 a.m.27 views

CVE-2026-32935

CVE-2026-32935 affects phpseclib with AES-CBC padding oracle timing vulnerability. Affected versions: 1.0.26 and below; 2.0.0–2.0.51; 3.0.0–3.0.49. Root cause: short-circuiting in the unpadding function enables timing leakage. Impact per sources: potential confidentiality impact (C) with high lik...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/20 2:48 a.m.7 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.3AI score0.00374EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.18 views

phpseclib 安全漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions of phpseclib starting from 1.0.26, 2.0.0 to 2.0.51, and 3.0.0 to 3.0.49 contain security vulnerabilities. These vulnerabilities stem from a timing attack that occurs when using the AES CBC mode...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.5 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 4:42 p.m.4 views

GHSA-94G3-G5V7-Q4JG phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 4:42 p.m.10 views

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

Sercomm SCE4255W 安全漏洞

Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Previous versions of Sercomm SCE4255W DG3934v3@2308041842 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded AES-256-CBC keys in the configuration backup/restore mechanis...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26464

Name of the Vulnerable Software and Affected Versions phpseclib versions 1.0.26 and below phpseclib versions 2.0.0 through 2.0.51 phpseclib versions 3.0.0 through 3.0.49 Description phpseclib is a PHP secure communications library. Projects utilizing the affected versions are susceptible to a...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References16
CVE
CVE
added 2026/03/19 12:0 a.m.12 views

CVE-2025-67112

The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
Rows per page
Query Builder