
766 matches found

Veracode
added 2024/01/09 6:46 a.m. · 8 views

Timing Attack

github.com/cloudflare/circl is vulnerable to a timing attack. The vulnerability is caused by arithmetic operations during ciphertext compression, which leak sensitive timing information. An attacker can learn parts of the secret key by exploiting this vulnerability brute force...

AI score: 6.9
Exploits: 0
Positive Technologies
added 2024/01/03 12:0 a.m. · 2 views

PT-2024-40389 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.6.2. Description: The issue allows an attacker to learn parts of the secret key when they can time decapsulation and forge ciphertexts on certain platforms. This does not affect ephemeral usage, such as regular use...

AI score: 7.1
Exploits: 0 · References: 5
OSV
added 2023/11/28 12:15 p.m. · 1 views

DEBIAN-CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVSS: 5.9 · AI score: 6.2 · EPSS: 0.00844
Exploits: 0 · References: 1
CNNVD
added 2023/11/23 12:0 a.m. · 1 views

GnuTLS Security Vulnerabilities

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.7-4+deb10u11, which stems from a security flaw in the RSA-PSK ClientKeyExchange, where the response time to a misformatted ciphertext differs from the...

CVSS: 5.9 · AI score: 6.8 · EPSS: 0.00844
Exploits: 0 · References: 12
RustSec
added 2023/11/22 12:0 p.m. · 4 views

Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary: In the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. Impact: If a program using the aes-gcm crate's decrypt_in_place APIs accesses the buffer after decryption failure, it will contain a...

CVSS: 5.5 · AI score: 7.1 · EPSS: 0.00016
Exploits: 1 · Affected Software: 1
Tenable Nessus
added 2023/11/07 12:0 a.m. · 18 views

Fedora 39 : firecracker / rust-aes-gcm (2023-17bdd59177)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-17bdd59177 advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00016
Exploits: 1 · References: 2
Prion
added 2023/10/19 10:15 a.m. · 24 views

Design/Logic Flaw

The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...

CVSS: 0.8 · AI score: 5.9 · EPSS: 0.0005
Exploits: 0 · References: 1
Vulnrichment
added 2023/10/19 9:31 a.m. · 19 views

CVE-2022-24404 Ciphertext Malleability in TETRA

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

CVSS: 5.9 · AI score: 6.9 · EPSS: 0.00136
Exploits: 0 · References: 1
Cvelist
added 2023/10/19 9:31 a.m. · 17 views

CVE-2022-24404 Ciphertext Malleability in TETRA

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

CVSS: 5.9 · AI score: 7.7 · EPSS: 0.00136
Exploits: 0 · References: 1
CNNVD
added 2023/10/19 12:0 a.m. · 1 views

TETRA BURST Security Vulnerability

TETRA BURST is a terrestrial trunked radio standard for radio communications from TETRA BURST. A security vulnerability exists in TETRA that stems from a lack of ciphertext authentication on the AIE, leading to a malleability attack...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00136
Exploits: 0 · References: 2
Tenable Nessus
added 2023/10/13 12:0 a.m. · 35 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rage-encryption (SUSE-SU-2023:4060-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4060-1 advisory. - aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00016
Exploits: 1 · References: 4
Tenable Nessus
added 2023/10/03 12:0 a.m. · 14 views

Fedora 38 : firecracker / rust-aes-gcm (2023-98f44d1c4c)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-98f44d1c4c advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00016
Exploits: 1 · References: 2
Tenable Nessus
added 2023/10/02 12:0 a.m. · 18 views

Fedora 37 : firecracker / rust-aes-gcm (2023-bc40c7995e)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-bc40c7995e advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00016
Exploits: 1 · References: 2
CNNVD
added 2023/09/27 12:0 a.m. · 4 views

Dell Data Protection Central Encryption Issue Vulnerability

Dell Data Protection Central is a suite of data protection solutions from Dell USA. The product provides single sign-on, dashboards, and system monitoring. A vulnerability exists in Dell Data Protection Central version 19.9 due to an encryption issue that stems from insufficient encryption...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00095
Exploits: 0 · References: 2
SUSE CVE
added 2023/09/26 1:50 a.m. · 1 views

SUSE CVE-2023-42811

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...

CVSS: 5.5 · AI score: 7.2 · EPSS: 0.00016
Exploits: 1 · References: 4
NVD
added 2023/09/22 4:15 p.m. · 17 views

CVE-2023-42811

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...

CVSS: 5.5 · AI score: 5 · EPSS: 0.00016
Exploits: 1 · References: 5
Prion
added 2023/09/22 4:15 p.m. · 22 views

Design/Logic Flaw

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...

CVSS: 1.7 · AI score: 5.4 · EPSS: 0.00016
Exploits: 1 · References: 5 · Affected Software: 2
OSV
added 2023/09/22 4:11 p.m. · 29 views

GHSA-423W-P2W9-R7VQ AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary: In the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. Impact: If a program using the aes-gcm crate's decrypt_in_place APIs accesses the buffer after decryption failure, it will contain a...

CVSS: 4.7 · AI score: 5 · EPSS: 0.00016
Exploits: 1 · References: 8
Github Security Blog
added 2023/09/22 4:11 p.m. · 26 views

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary: In the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. Impact: If a program using the aes-gcm crate's decrypt_in_place APIs accesses the buffer after decryption failure, it will contain a...

CVSS: 5.5 · AI score: 7.2 · EPSS: 0.00016
Exploits: 1 · References: 8 · Affected Software: 1
OSV
added 2023/09/22 3:19 p.m. · 15 views

CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...

CVSS: 4.7 · AI score: 5.6 · EPSS: 0.00016
Exploits: 1 · References: 7