Astra Linux - уязвимость в opensc

A vulnerability was discovered in OpenSC, where the removal of PKCS1 encryption padding is not implemented in a way that ensures side-channel resistance. This issue may lead to the potential leakage of private data...

EUVD-2023-58259

Malicious code in bioql PyPI...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2025:02754-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02754-1 advisory. - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386. Tenable h...

PT-2025-27672 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: A padding oracle vulnerability exists in Google Chrome's AppBound cookie encryption mechanism. This issue arises due to observable decryption failure behavior in Windows Event Logs wh...

CVE-2023-48051

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding...

Linux Distros Unpatched Vulnerability : CVE-2024-2467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a...

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel through the decryption process. An attacker can decrypt messages or forge signatures by exchanging a large number of messages with the vulnerable service Marvin Attack. Workaround This vulnerability can be mitigate...

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

AZL-43687 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.31-6

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

SUSE-SU-2024:1402-2 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386...

SUSE-SU-2024:1402-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386...

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

CVE-2024-3296

Removed by vendor...

Amazon Linux 2023 : opensc (ALAS2023-2024-580)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-580 advisory. A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channel resistant. This issue may result in the potential leak of private data...

MGASA-2024-0101 Updated opensc packages fix security vulnerability

Side-channel leaks while stripping encryption PKCS1.5 padding in OpenSC. CVE-2023-5992...

Fedora 38 : opensc (2024-b92d44f141)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

Fedora 39 : opensc (2024-6460a03e29)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6460a03e29 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : opensc (ALSA-2024:0967)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:0967 advisory. - A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channel resistant. This issue may result in the potential...

OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...