CVE-2025-0123

Summary: CVE-2025-0123 affects Palo Alto Networks PAN-OS. Unlicensed administrators can view clear-text data captured via the packet-capture feature in decrypted HTTP/2 data streams on the firewall; HTTP/1.1 streams are not impacted. Exploitation requires access to the management interface and su...

PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/...

libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1326)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVE-2024-31896

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

The vulnerability of the EVP_DecryptUpdate function in the OpenSSL library of the Sante PACS Server web server allows a hacker to execute arbitrary code.

The vulnerability of the EVPDecryptUpdate function in the OpenSSL library of the Sante PACS Server web server system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending specially crafte...

CVE-2024-45643

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information...

CVE-2024-45643

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information...

CVE-2025-2263

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...

CVE-2025-2263

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVPDecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0704)

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0703)

The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT- MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171

Summary IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow ...

CVE-2024-48353

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information...

Medium: clamav1.4

Issue Overview: A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows...

Linux Distros Unpatched Vulnerability : CVE-2024-50047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a...

Linux Distros Unpatched Vulnerability : CVE-2020-25657

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed...

Linux Distros Unpatched Vulnerability : CVE-2024-0914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could...

Linux Distros Unpatched Vulnerability : CVE-2022-4304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

Linux Distros Unpatched Vulnerability : CVE-2024-40983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 xfrm:...