47 matches found
EUVD-2025-13072
Malicious code in bioql PyPI...
CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
PT-2025-26705 · Dropbox · Dropbox
Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns file decryption in Dropbox. No further details are provided about the nature of the issue or its potential impact. Recommendations: At the moment, there is no information...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1439)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...
Linux Distros Unpatched Vulnerability : CVE-2020-25657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed...
CVE-2025-24461
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...
CVE-2024-56690
CVE-2024-56690 : Linux kernel crypto: pcrypt fix for -EBUSY/-EAGAIN. After commit 8f4f68e7, padata_do_parallel() may return -EAGAIN for pcrypt encrypt/decrypt when CPUs go online/offline, triggering a WARN/panic under panic_on_warn. The remediation is to call the crypto layer directly (no paralle...
CVE-2024-40983 tipc: force a dst refcount before doing decryption
In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-505)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-505 advisory. The upstream report describes this issue as follows: When installing a maliciously created Ansible role using 'ansible-galaxy role install', arbitrary files the user has access to can be...
PT-2023-36307 · Unknown · Openssl-Ibmca
Name of the Vulnerable Software and Affected Versions: OpenSSL-ibmca affected versions not specified Description: It was discovered that OpenSSL-ibmca incorrectly handled certain RSA decryption, which could allow an attacker to expose sensitive information. Recommendations: At the moment, there i...
CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...
MGASA-2022-0047 Updated cryptsetup packages fix security vulnerability
An attacker can modify on-disk metadata to simulate decryption in progress with crashed unfinished reencryption step and persistently decrypt part of the LUKS device CVE-2021-4122...
ARM mbed TLS加密问题漏洞
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in Mbed TLS versions prior to 2.28.0 and 3.0, which stems from the fact that psaciphergenerateiv and psacipherencrypt allow policy bypass or...
OPENSUSE-SU-2021:2008-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext bsc1172389...
OPENSUSE-SU-2021:2143-1 Security update for libnettle
This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext bsc1187060...
SUSE-SU-2021:2237-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext bsc1172389...
SUSE-SU-2021:2008-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext bsc1172389...
jose-node-cjs-runtime 安全漏洞
npm jose-node-cjs-runtime is an application from the American company npm. Provides distributions of jose with smaller bundle/installation sizes. A security vulnerability exists in jose-node-cjs-runtime in versions prior to 3.11.4, which stems from the possibility of a significant difference in t...
jose-node-esm-runtime 安全漏洞
npm jose-node-esm-runtime is an application from npm, Inc. json web almost everything uses the Node.jscrypto module for JWA, JWS, JWE, JWT, JWK with no dependencies. jose-node-esm-runtime is a security vulnerability in jose-node-esm-runtime prior to version 3.11.4 that arises from a significant...
MGASA-2020-0364 Updated python-rsa packages fix security vulnerability
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...