CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVE-2025-0306 Ruby: openssl: ruby marvin attack

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. Mitigation See the following possible...

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-2819)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...

EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-2893)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package.This issue may allow a remote attacker to decrypt captured messages in TLS servers...

CVE-2024-47121

The CVE-2024-47121 weakness in the goTenna Pro App is due to weak password requirements used to share encryption keys via the key broadcast method. If an encrypted broadcast key captured over RF is brute-forced, an attacker could decrypt past and future messages encrypted with that key. Affected ...

IV Collision

github.com/bincyber/go-sqlcrypter is vulnerable to IV Collision. The vulnerability is due to using a random IV, which can exceed the safe limit of encrypting plaintext above 2^32 in size under the same key as stated by NIST SP 800-38D, potentially allowing attackers to decrypt messages if IV...

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2023-21444

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2023-21443

CVE-2023-21443 affects Samsung Flow for Android prior to version 4.9.04, due to an improper cryptographic implementation. This vulnerability enables adjacent attackers to decrypt encrypted messages or inject commands. The publicly available sources identify the affected version range and provide ...

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...

OpenPGP 1.2.0 and earlier decrypts arbitrary messages

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

EdgeX Foundry 加密问题漏洞

EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. A cryptographic issue vulnerability exists in EdgeX's Functions SDK that allows an attacker to decrypt messages via unspecified vectors...

Cryptologists Crack Zodiac Killer's 340 Cipher

A remote team of three hobbyist cryptologists have solved one of the Zodiac Killer’s cipher after a half century. And while the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology and the basic building blocks of cybersecurity — access control an...

Invalid Curve Attack in openpgp

Versions of openpgp prior to 4.3.0 are vulnerable to an Invalid Curve Attack. The package's implementation of ECDH fails to verify the validity of the communication partner's public key. The package calculates the resulting key secret based on an altered curve instead of the specified elliptic...

CVE-2019-9149

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign and encrypt arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows ...

Weak ElGamal Parameters

PyCrypto uses weak ElGamal cryptography. Due to an incorrect implementation of ElGamal, the Decisional Diffie-Hellman DDH assumption doesn't hold because of the way the key parameters are generated. This allows attackers who have access to the cipher-text to decrypt the messages and potentially...