105 matches found
The Jasmin Compiler Preserves Cryptographic Security
Jasmin is a programming and verification framework for developing efficient, formally verified, cryptographic implementations. A main component of the framework is the Jasmin compiler, which empowers programmers to write efficient implementations of state-of-the-art cryptographic primitives,...
EUVD-2011-1110
Malware in sbrugna...
EUVD-2012-0907
Malware in sbrugna...
EUVD-2005-0367
Malware in sbrugna...
EUVD-2013-4434
Malware in sbrugna...
EUVD-2019-16152
Malware in sbrugna...
EUVD-2022-26190
Malicious code in bioql PyPI...
GHSA-R38M-44FW-H886 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. Details This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...
RHEL 7 : erlang (RHSA-2018:0242)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0242 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...
GHSA-Q3JM-V27Q-JFWW titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
titon/framework package which is now abandoned and no longer maintained is vulnerable to remote code execution via Chosen-Ciphertext Attack...
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
titon/framework package which is now abandoned and no longer maintained is vulnerable to remote code execution via Chosen-Ciphertext Attack...
PT-2024-40419 · Unknown · Titan Framework
Name of the Vulnerable Software and Affected Versions: titon/framework package affected versions not specified Description: The issue allows for remote code execution via a Chosen-Ciphertext Attack. Recommendations: At the moment, there is no information about a newer version that contains a fix...
RHEL 7 : erlang (RHSA-2018:0528)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0528 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...
openSUSE: Security Advisory for rage (SUSE-SU-2023:4060-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Chosen-Ciphertext Attack (KyberSlash)
pypqc vulnerable to a chosen-ciphertext attack. The vulnerability is caused by to an attacker submitting numerous ciphertexts for decryption and observing the response, potentially allowing them to recover the private key...
SUSE CVE-2023-42811
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...
Oracle Linux 7 : nss, / nss-softokn, / nss-util, / and / nspr (ELSA-2019-2237)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2237 advisory. nspr 4.21.0-1 - Rebase to NSPR 4.21 nss 3.44.0-4 - Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa 3.44.0-3 ...
GHSA-JGVC-JFGH-RJVV Chosen Ciphertext Attack in Jose4j
Summary RSA15 in jose4j is susceptible to chosen ciphertext attacks. The attack allows to decrypt RSA15 or RSAOAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity Moderate - exploiting this ciphertext attack could result in the ability to decrypt RSA15 or RSAOAEP...
Chosen Ciphertext Attack in Jose4j
Summary RSA15 in jose4j is susceptible to chosen ciphertext attacks. The attack allows to decrypt RSA15 or RSAOAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity Moderate - exploiting this ciphertext attack could result in the ability to decrypt RSA15 or RSAOAEP...
Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack (cisco-sa-ftd-tls-bb-rCgtmY2)
A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...