RHEL 7 : erlang (RHSA-2018:0528)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0528 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

Rocky Linux 8 : opencryptoki (RLSA-2024:1608)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1608 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could...

ROS-20240404-08

Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability could allow an attacker acting remotel...

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

AlmaLinux 9 : opencryptoki (ALSA-2024:1239)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1239 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potential...

SUSE CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

libgcrypt Security Vulnerabilities

Libgcrypt is a general-purpose cryptographic library based on the GnuPG code from the US GNU community. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, and public key algorithms. A security vulnerability exists in libgcrypt, which ste...

openSUSE: Security Advisory for rage (SUSE-SU-2023:4060-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-22458

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext...

Unspecified vulnerability in wolfSSL (CNVD-2024-37453)

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. WolfSSL has a security vulnerability that can be exploited by attackers to decrypt ciphertexts and forge signatures after extensive test observations...

Chosen-Ciphertext Attack (KyberSlash)

pypqc vulnerable to a chosen-ciphertext attack. The vulnerability is caused by to an attacker submitting numerous ciphertexts for decryption and observing the response, potentially allowing them to recover the private key...

wolfSSL 安全漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. WolfSSL has a security vulnerability that can be exploited by attackers to decrypt ciphertexts and forge signatures after extensive test observations...

SUSE CVE-2023-6240

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

UBUNTU-CVE-2023-6240

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

CVE-2023-6240

CVE-2023-6240 is documented as a Marvin vulnerability side-channel leakage in the Linux kernel RSA decryption operation. The connected Nessus entries confirm this CVE is listed among multiple advisories, referencing the same vulnerability block and associating it with Linux Kernel RSA decryption ...

DEBIAN-CVE-2024-0914

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

CVE-2024-0914 Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

CVE-2024-0914

The CVE-2024-0914 issue affects the opencryptoki package and arises from a timing side-channel while processing RSA PKCS#1 v1.5 padded ciphertexts, enabling potential unauthorized RSA ciphertext decryption or signing without the private key. Connected advisories show OpenCryptoki is affected in v...

PT-2024-40543 · Amazon · Awskms

Name of the Vulnerable Software and Affected Versions: awskms and aesgcm providers affected versions not specified Description: The issue concerns the risk of an IV collision when using the awskms or aesgcm provider for encryption, particularly in scenarios like database column encryption where...

Nettle: Denial of Service

Background Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description Multiple vulnerabilities have been...