Astra Linux - уязвимость в mbedtls

A vulnerability was discovered in Mbed TLS 2.x before version 2.28.7, and also in Mbed TLS 3.x before version 3.5.2. There was a timing-related side channel involved in RSA private operations. This side channel could allow a local attacker to recover the plaintext. To exploit this vulnerability,...

Astra Linux - уязвимость в nodejs

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

Astra Linux - уязвимость в php8.1, php7.3

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

Astra Linux - уязвимость в ruby2.5

A vulnerability was discovered in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

MiracleLinux 8 : iperf3-3.5-10.el8_10 (AXSA:2024-8525:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8525:01 advisory. iperf3: possible denial of service CVE-2023-7250 iperf3: vulnerable to marvin attack if the authentication option is used CVE-2024-26306 Tenable has...

MiracleLinux 9 : libgcrypt-1.10.0-11.el9 (AXSA:2024-9141:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9141:01 advisory. libgcrypt: vulnerable to Marvin Attack CVE-2024-2236 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : iperf3-3.9-13.el9 (AXSA:2024-9259:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9259:02 advisory. iperf3: possible denial of service CVE-2023-7250,ESNET-SECADV-2023-0002 iperf3: vulnerable to marvin attack if the authentication option is used...

Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

MGASA-2025-0287 Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

EUVD-2024-27360

Malicious code in bioql PyPI...

EUVD-2024-35858

Malicious code in bioql PyPI...

EUVD-2023-50975

Malicious code in bioql PyPI...

EUVD-2023-59133

Malicious code in bioql PyPI...

EUVD-2025-1595

Malicious code in bioql PyPI...

EUVD-2023-58486

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-50979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding. CVE-2023-50979 Note that Nessus relies on the presence ...

Malicious code in marvin-nodejs-sdk (npm)

The package marvin-nodejs-sdk was found to contain malicious code...

MAL-2025-25978 Malicious code in marvin-nodejs-sdk (npm)

The package marvin-nodejs-sdk was found to contain malicious code...

Malicious code in allocab-marvin (npm)

The package allocab-marvin was found to contain malicious code...

MAL-2025-14324 Malicious code in allocab-marvin (npm)

The package allocab-marvin was found to contain malicious code...