48 matches found
CVE-2018-25344
The CVE covers a stack-based buffer overflow in 10-Strike Network Inventory Explorer 8.54, specifically in the registration key input field. The root cause is a crafted input that overflows the buffer and overwrites the Structured Exception Handler (SEH) chain, enabling local code execution with ...
[SECURITY] [DSA 6186-1] php-phpseclib security update
Debian Security Advisory DSA-6186-1 https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq ...
Jervis cryptographic issue vulnerability
Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic vulnerability exists in versions prior to Jervis 2.2, which stems from the use of PKCS1Encoding encryption that is vulnerable to the Bleichenbacher padding oracle attack...
EUVD-2025-18563
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-12422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.4.2, when using the default remember me configuration, cookies could be susceptible to a padding attack. CVE-2019-12422 Note that Nessus...
SUSE SLES12 Security Update : perl-Crypt-OpenSSL-RSA (SUSE-SU-2025:01887-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:01887-1 advisory. - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Tenable has extracted the preceding description block directl...
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49824
CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...
Linux Distros Unpatched Vulnerability : CVE-2019-1563
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number...
Timing Attack
Cryptography is vulnerable to a Timing Attack. This vulnerability is due to the predictable structure of padding in ciphertexts during RSA encryption. This flaw enables an attacker to distinguish between different types of padding errors, potentially leading to the decryption of captured messages...
Apache Shiro < 1.4.2 Padding Attack
Apache Shiro before 1.4.2, when using the default 'remember me' configuration, cookies could be susceptible to a padding attack. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
OWASP ESAPI security vulnerability
OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. A security vulnerability exists in OWASP ESAPI version 2.0 RC2 and prior versions. The vulnerability stems from an oracle padding attack...
openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
GHSA-R679-M633-G7WC Improper input validation in Apache Shiro
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...
Improper input validation in Apache Shiro
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...
CVE-2019-12422
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...