CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

764 matches found

OSV•added 2020/06/22 12:15 p.m.•12 views

CVE-2020-14967

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...

9.8CVSS7AI score

Exploits0References6

NVD•added 2020/06/22 12:15 p.m.•12 views

CVE-2020-14967

9.8CVSS0.00339EPSS

Exploits1References6

Cvelist•added 2020/06/22 11:19 a.m.•14 views

CVE-2020-14967

9.7AI score0.00339EPSS

Exploits1References6

CVE•added 2020/06/22 11:19 a.m.•65 views

CVE-2020-14967

CVE-2020-14967 affects the jsrsasign package for Node.js prior to version 8.0.18. The RSA PKCS1 v1.5 decryption path does not detect ciphertext modifications when zeros are prepended to ciphertexts, allowing modified ciphertexts to be decrypted without error and potentially triggering memory corr...

9.8CVSS9.6AI score0.00339EPSS

Exploits1References6Affected Software1

RedhatCVE•added 2020/06/18 1:25 p.m.•24 views

CVE-2020-13757

A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. The highe...

5CVSS2.3AI score0.00098EPSS

Exploits1References4

RedHat Linux•added 2020/06/11 9:11 a.m.•1 views

cryptacular: excessive memory allocation during a decode operation

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

7.5CVSS7.4AI score0.03282EPSS

Exploits1References4

RedHat Linux•added 2020/06/10 7:23 p.m.•1 views

cryptacular: excessive memory allocation during a decode operation

7.5CVSS7.4AI score0.03282EPSS

Exploits1References4

Veracode•added 2020/06/02 1:46 a.m.•19 views

Information Disclosure

rsa is vulnerable to information disclosure. The vulnerability exists as rsa ignores prepended \0 bytes during the decryption of a ciphertext in PKCS1v15, where it is supposed to have failed, allowing the interference that this library is used for cryptography...

7.5CVSS2.3AI score0.00098EPSS

Exploits1References7Affected Software5

UbuntuCve•added 2020/06/01 7:15 p.m.•35 views

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7.1AI score0.00098EPSS

Exploits1References4

Prion•added 2020/06/01 7:15 p.m.•21 views

Memory corruption

5CVSS7.3AI score0.00098EPSS

Exploits1References5Affected Software3

OSV•added 2020/06/01 7:15 p.m.•31 views

PYSEC-2020-99

7.5CVSS2.3AI score0.00098EPSS

Exploits1References6

CVE•added 2020/06/01 6:17 p.m.•320 views

CVE-2020-13757

CVE-2020-13757 affects the Python-RSA package. Affected: Python-RSA before 4.1. Root cause: decryption ignores leading '\0' bytes in ciphertext. Impact stated in sources: potential DoS risk and information leakage indicators (e.g., attacker could infer usage, or ciphertext length could affect beh...

7.5CVSS7.2AI score0.00098EPSS

Exploits1References5Affected Software1

Debian CVE•added 2020/06/01 6:17 p.m.•23 views

CVE-2020-13757

7.5CVSS7.5AI score0.00098EPSS

Exploits1

Positive Technologies•added 2020/05/27 12:0 a.m.•3 views

PT-2020-13658 · Python +5 · Python-Rsa +5

Name of the Vulnerable Software and Affected Versions: Python-RSA versions prior to 4.1 Description: The issue concerns the decryption of ciphertext, where leading '0' bytes are ignored. This could potentially have security implications, such as helping an attacker infer that an application uses...

7.8CVSS5.2AI score0.00144EPSS

Exploits2References55

RedHat Linux•added 2020/05/12 5:16 p.m.•2 views

cryptacular: excessive memory allocation during a decode operation

7.5CVSS7.4AI score0.03282EPSS

Exploits1References4

RedHat Linux•added 2020/05/11 8:15 p.m.•1 views

cryptacular: excessive memory allocation during a decode operation

7.5CVSS7.4AI score0.03282EPSS

Exploits1References4

RedhatCVE•added 2020/04/07 11:9 a.m.•36 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

5.9CVSS4.4AI score0.12783EPSS

Exploits0References2

Tenable Nessus•added 2020/03/19 12:0 a.m.•63 views

Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to...

8.8CVSS7.8AI score0.12783EPSS

Exploits3References9