CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2023/05/01 12:0 a.m.•4 views

PT-2023-18357 · Hashicorp · Hashicorp Vault Enterprise

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions 1.13.0 through 1.13.1 Description: The issue concerns a padding oracle attack when using an HSM in conjunction with the CKM AES CBC PAD or CKM AES CBC encryption mechanisms. An attacker with privileges to...

2.5CVSS7.2AI score0.00086EPSS

Exploits0References7

OSV•added 2023/04/27 11:52 p.m.•11 views

GHSA-JGVC-JFGH-RJVV Chosen Ciphertext Attack in Jose4j

Summary RSA15 in jose4j is susceptible to chosen ciphertext attacks. The attack allows to decrypt RSA15 or RSAOAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity Moderate - exploiting this ciphertext attack could result in the ability to decrypt RSA15 or RSAOAEP...

5.9AI score

OSV•added 2023/04/25 7:15 p.m.•5 views

CVE-2022-40722

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

5.8CVSS5.8AI score

NVD•added 2023/04/25 7:15 p.m.•10 views

CVE-2022-40722

7.7CVSS7.5AI score0.00328EPSS

Prion•added 2023/04/25 7:15 p.m.•14 views

Design/Logic Flaw

1.7CVSS5.7AI score0.00328EPSS

Exploits0References2Affected Software3

Positive Technologies•added 2023/04/25 12:0 a.m.•4 views

PT-2023-13897 · Ping Identity · Pingid Adapter For Pingfederate

Name of the Vulnerable Software and Affected Versions: PingID Adapter for PingFederate affected versions not specified Description: A misconfiguration of RSA padding in the PingID Adapter for PingFederate, used to support Offline MFA with PingID mobile authenticators, makes it vulnerable to...

7.7CVSS5.4AI score0.00328EPSS

Exploits0References3

CVE•added 2023/04/25 12:0 a.m.•36 views

CVE-2022-40722

CVE-2022-40722 concerns a misconfiguration of RSA padding in the PingID Adapter for PingFederate used to support Offline MFA with PingID mobile authenticators. Red Hat, NVD, CNNVD and other sources describe that this faulty padding enables pre-computed dictionary attacks that bypass offline MFA. ...

7.7CVSS5.9AI score0.00328EPSS

Exploits0References2Affected Software3

Cvelist•added 2023/04/25 12:0 a.m.•17 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

7.7CVSS7.7AI score0.00328EPSS

Vulnrichment•added 2023/04/25 12:0 a.m.•7 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

7.7CVSS7.1AI score0.00328EPSS

Tenable Nessus•added 2023/04/13 12:0 a.m.•75 views

QNAP QTS / QuTS hero Multiple Vulnerabilities in OpenSSL (QSA-23-15)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-15 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

7.5CVSS7.9AI score0.61979EPSS

IBM Security Bulletins•added 2023/04/06 7:28 p.m.•34 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-41903]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git caused by an integer overflow when processing the padding operators CVE-2022-41903. Git is included as part of the Base OS used by our service images. Please read the details f...

9.8CVSS9.9AI score0.44268EPSS

Exploits0Affected Software1

Rockylinux•added 2023/03/29 4:47 p.m.•64 views

openssl security and bug fix update

An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

7.5CVSS7.7AI score0.61979EPSS

RedHat Linux•added 2023/03/22 10:38 a.m.•5 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9CVSS6.7AI score0.16195EPSS

RedHat Linux•added 2023/03/14 1:57 p.m.•1 views

openssl: timing attack in RSA Decryption implementation

5.9CVSS6.7AI score0.16195EPSS

Trend Micro Simply Security•added 2023/03/13 12:0 a.m.•11 views

Emotet Returns, Now Adopts Binary Padding for Evasion

Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails...

2.3AI score

OpenVAS•added 2023/03/08 12:0 a.m.•39 views

Debian: Security Advisory (DLA-456-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.3AI score0.89058EPSS

Exploits7References3

OpenVAS•added 2023/03/08 12:0 a.m.•19 views

Debian: Security Advisory (DLA-364-1)

5.9CVSS5.8AI score0.01685EPSS

Oracle linux•added 2023/03/01 12:0 a.m.•57 views

openssl security update

3.0.1-47.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-47 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...

7.5CVSS7.3AI score0.61979EPSS