237 matches found
EUVD-2022-2370
Malicious code in bioql PyPI...
CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...
Oberon microsystem AG ocrypto library 安全漏洞
Oberon microsystem AG ocrypto library is a cryptographic software library from the Swiss company Oberon. A security vulnerability exists in Oberon microsystem AG ocrypto library versions prior to 1.0.0 through 1.5.1, which stems from a padding predicate attack on the AES-CBC PKCS7 decryption...
CVE-2025-34091
A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...
CVE-2025-34091
CVE-2025-34091 describes a padding oracle vulnerability in Google Chrome’s AppBound cookie encryption, due to DPAPI decryption error reporting in Windows Event Logs. A local attacker can send malformed SYSTEM-DPAPI ciphertext to Chrome’s elevation service, distinguish padding vs MAC errors, and p...
CVE-2025-34091 Chrome Cookie Encryption Bypass via Padding Oracle Attack on AppBound Encryption
A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...
PT-2025-27672 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: A padding oracle vulnerability exists in Google Chrome's AppBound cookie encryption mechanism. This issue arises due to observable decryption failure behavior in Windows Event Logs wh...
CVE-2023-41097
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...
CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...
CVE-2017-12973
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack...
CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...
Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-2107)
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2014-3566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle...
Linux Distros Unpatched Vulnerability : CVE-2011-4108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote...
Primefaces Remote Code Execution Exploit
This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...
Padding Oracle Attack
org.apache.druid.extensions : druid-pac4j and org.apache.druid : druid-processing is vulnerable to Padding Oracle Attack. The vulnerability is caused due to improper handling of cryptographic padding in the druid-pac4j extension, which could allow an attacker to manipulate a pac4j session cookie...
RHEL 6 : openssl098e (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: double-free in policy checks CVE-2011-4109 - The DTLS implementation in OpenSSL before 0.9.8s an...
BIT-VAULT-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...
CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...