276 matches found
JLSEC-2026-761
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...
RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle
Impact RSACrypt::decryptWithRSA15 used by the RSA15 key-encryption algorithm implements RSAES-PKCS1-v15 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure required ...
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Mbed TLS 2.x before version 2.28.7, and also in Mbed TLS 3.x before version 3.5.2. There was a timing-related side channel involved in RSA private operations. This side channel could allow a local attacker to recover the plaintext. To exploit this vulnerability,...
Astra Linux – Vulnerability in Ruby 2.5
A vulnerability was discovered in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
Astra Linux – Vulnerability in PHP 8.1, PHP 7.3
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Astra Linux – Vulnerability in Node.js
Node.js versions that bundle a unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL that is also unpatched are vulnerable to the Marvin attack – https://people.redhat.com/hkario/marvin/. This vulnerability occurs when performing RSA decryption using a private key,...
MiracleLinux 9 : iperf3-3.9-13.el9 (AXSA:2024-9259:02)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9259:02 advisory. iperf3: possible denial of service CVE-2023-7250,ESNET-SECADV-2023-0002 iperf3: vulnerable to marvin attack if the authentication option is used...
MiracleLinux 8 : iperf3-3.5-10.el8_10 (AXSA:2024-8525:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8525:01 advisory. iperf3: possible denial of service CVE-2023-7250 iperf3: vulnerable to marvin attack if the authentication option is used CVE-2024-26306 Tenable has...
MiracleLinux 9 : libgcrypt-1.10.0-11.el9 (AXSA:2024-9141:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9141:01 advisory. libgcrypt: vulnerable to Marvin Attack CVE-2024-2236 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MGASA-2025-0287 Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...
Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...
EUVD-2023-59133
Malicious code in bioql PyPI...
EUVD-2024-27360
Malicious code in bioql PyPI...
EUVD-2025-1595
Malicious code in bioql PyPI...
EUVD-2024-35858
Malicious code in bioql PyPI...
EUVD-2023-58486
Malicious code in bioql PyPI...
EUVD-2023-50975
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-50979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding. CVE-2023-50979 Note that Nessus relies on the presence ...
Malicious code in allocab-marvin (npm)
The package allocab-marvin was found to contain malicious code...
Malicious code in marvin-nodejs-sdk (npm)
The package marvin-nodejs-sdk was found to contain malicious code...