Lucene search
K

100 matches found

RedHat Linux
RedHat Linux
added 2025/04/02 2:55 p.m.4 views

libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS7.3AI score0.01114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/12 9:21 a.m.6 views

libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS7.3AI score0.01114EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/02 12:0 a.m.15 views

CBL Mariner 2.0 Security Update: gnutls (CVE-2023-5981)

The version of gnutls installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5981 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange diffe...

5.9CVSS6.6AI score0.01257EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.3 views

Cocoon 安全漏洞

Cocoon is a simple and reliable security repository from the personal developer Alexander Fadeev. A security vulnerability exists in Cocoon versions prior to 0.4.0 that stems from the easy reuse of Nonce key pairs in encryption, which allows an attacker to generate the same ciphertext by creating...

4.5CVSS6.7AI score0.00139EPSS
Exploits0References6
Redos
Redos
added 2024/09/16 12:0 a.m.23 views

ROS-20240916-04

A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform is related to the following use of hidden side channels as a result of time discrepancy between decryption of valid and invalid encrypted texts based on the PKCS1 v1.5.5 cryptography...

7.4CVSS7.2AI score0.01302EPSS
Exploits0
Veracode
Veracode
added 2024/08/06 11:22 a.m.16 views

Ciphertext Leakage

Netbird is vulnerable to Ciphertext Leakage. The vulnerability is due to the use of a static initialization vector IV in the Encrypt function within the crypt.go file, which does not change for different encryption operations and allows attackers to expose the sensitive information through...

7.5CVSS6.1AI score0.00467EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2024/06/05 12:36 a.m.5 views

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

6.5CVSS7.2AI score0.00969EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/28 2:8 p.m.3 views

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

6.5CVSS7.2AI score0.00969EPSS
Exploits0References6
OSV
OSV
added 2024/05/20 9:56 p.m.10 views

GHSA-2J6R-9VV4-6GF5 github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

3.7CVSS6.7AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/20 9:56 p.m.19 views

github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

6.7AI score
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/14 12:0 a.m.48 views

Rocky Linux 9 : kernel (RLSA-2024:2758)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2758 advisory. - A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to...

7.1CVSS6.9AI score0.00969EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/18 2:35 a.m.6 views

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

6.5CVSS7.2AI score0.00969EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/18 2:16 a.m.3 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/04/18 1:50 a.m.7 views

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

6.5CVSS7.2AI score0.00969EPSS
Exploits0References6
Redos
Redos
added 2024/04/10 12:0 a.m.23 views

ROS-20240410-23

A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

5.9CVSS7.1AI score0.00878EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.24 views

Oracle Linux 8 : opencryptoki (ELSA-2024-1608)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1608 advisory. 3.21.0-10 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22791 Tenable has extracted the preceding description blo...

5.9CVSS5.9AI score0.00878EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/26 9:31 a.m.1 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/26 12:0 a.m.48 views

Oracle Linux 9 : nodejs:18 (ELSA-2024-1503)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1503 advisory. - Fixes: CVE-2024-21892 CVE-2024-22019 high Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

7.8CVSS7AI score0.03168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/08 12:0 a.m.25 views

RHEL 9 : opencryptoki (RHSA-2024:1239)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1239 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

5.9CVSS6AI score0.00878EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/03/08 12:0 a.m.17 views

Oracle Linux 9 : opencryptoki (ELSA-2024-1239)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1239 advisory. 3.21.0-9 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22792 Tenable has extracted the preceding description bloc...

5.9CVSS5.9AI score0.00878EPSS
Exploits0References2
Rows per page
Query Builder