Lucene search

2926 matches found

NVD
added 2025/08/29 10:15 a.m., 3 views

CVE-2025-9071

Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated...

CVSS 2.3, EPSS 0.00163
Exploits: 0, References: 1

NVD
added 2025/08/29 10:15 a.m., 3 views

CVE-2025-7383

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, EPSS 0.00083
Exploits: 0, References: 1

NVD
added 2025/08/29 10:15 a.m., 3 views

CVE-2025-7071

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, EPSS 0.00083
Exploits: 0, References: 1

CVE
added 2025/08/29 9:19 a.m., 11 views

CVE-2025-9071

The CVE-2025-9071 entry concerns Oberon Microsystems’ Oberon PSA Crypto library (all versions up to 1.5.1). The root cause is using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, making RSA deterministic. This leads to confidentiality loss for guessable messages, rec...

CVSS 2.3, AI score 6.2, EPSS 0.00163
Exploits: 0, References: 1

Cvelist
added 2025/08/29 9:19 a.m., 8 views

CVE-2025-9071 Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto

Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated...

CVSS 2.3, EPSS 0.00163
Exploits: 0, References: 1

Vulnrichment
added 2025/08/29 9:19 a.m., 2 views

CVE-2025-9071 Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto

Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated...

CVSS 2.3, AI score 6.2, EPSS 0.00163
Exploits: 0, References: 1

CVE
added 2025/08/29 9:19 a.m., 12 views

CVE-2025-7383

The CVE-2025-7383 entry concerns Oberon PSA Crypto library. A padding oracle timing side-channel affects AES-CBC PKCS#7 decryption, exploitable via timing measurements. Affected versions are 1.0.0 through 1.5.0; versions 1.5.1 and later are not affected. Impact is plaintext recovery with local ti...

CVSS 5.9, AI score 6.3, EPSS 0.00083
Exploits: 0, References: 1

Cvelist
added 2025/08/29 9:19 a.m., 5 views

CVE-2025-7383 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, EPSS 0.00083
Exploits: 0, References: 1

Vulnrichment
added 2025/08/29 9:19 a.m., 2 views

CVE-2025-7383 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, AI score 6.3, EPSS 0.00083
Exploits: 0, References: 1

Vulnrichment
added 2025/08/29 9:18 a.m., 1 views

CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, AI score 6.3, EPSS 0.00083
Exploits: 0, References: 1

CVE
added 2025/08/29 9:18 a.m., 15 views

CVE-2025-7071

The CVE concerns Oberon microsystems AG ocrypto library. A padding oracle timing side-channel in AES-CBC decryption with PKCS#7 padding exists for ocrypto versions 3.1.0 through 3.9.1 (i.e., all versions since 3.1.0 up to but not including 3.9.2). Attackers could recover plaintexts by measuring d...

CVSS 5.9, AI score 6.3, EPSS 0.00083
Exploits: 0, References: 1

Cvelist
added 2025/08/29 9:18 a.m., 6 views

CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, EPSS 0.00083
Exploits: 0, References: 1

CNNVD
added 2025/08/29 12:00 a.m., 1 views

Oberon microsystem AG ocrypto library security vulnerability

Oberon microsystem AG ocrypto library is a cryptographic software library from the Swiss company Oberon. A security vulnerability exists in Oberon microsystem AG ocrypto library versions prior to 3.1.0 through 3.9.2, which stems from a padded predicate attack on the AES-CBC PKCS7 decryption...

CVSS 5.9, AI score 6.7, EPSS 0.00083
Exploits: 0, References: 3

CNNVD
added 2025/08/29 12:00 a.m., 0 views

Oberon microsystem AG ocrypto library security vulnerability

Oberon microsystem AG ocrypto library is a cryptographic software library from the Swiss company Oberon. A security vulnerability exists in Oberon microsystem AG ocrypto library versions prior to 1.0.0 through 1.5.1, which stems from a padding predicate attack on the AES-CBC PKCS7 decryption...

CVSS 5.9, AI score 6.7, EPSS 0.00083
Exploits: 0, References: 3

Positive Technologies
added 2025/08/29 12:00 a.m., 3 views

PT-2025-35197

Name of the Vulnerable Software and Affected Versions: Oberon PSA Crypto Library versions prior to 1.6
Description: The software uses an all-zero seed for RSA-OAEP padding instead of generated random bytes. This results in deterministic RSA, leading to a loss of confidentiality for guessable...

CVSS 2.3, AI score 6.4, EPSS 0.00163
Exploits: 0, References: 5

Positive Technologies
added 2025/08/29 12:00 a.m., 3 views

PT-2025-35195

Name of the Vulnerable Software and Affected Versions: ocrypto versions 3.1.0 through 3.9.1
Description: A padding oracle attack allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations.
Recommendations: Update to a version later than 3.9.1...

CVSS 5.9, AI score 6.4, EPSS 0.00083
Exploits: 0, References: 5

Positive Technologies
added 2025/08/29 12:00 a.m., 3 views

PT-2025-35196

Name of the Vulnerable Software and Affected Versions: Oberon PSA Crypto library versions 1.0.0 through 1.5.0
Description: A padding oracle attack allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations.
Recommendations: Update to version 1.5.1 or late...

CVSS 5.9, AI score 6.4, EPSS 0.00083
Exploits: 0, References: 5

RedHat Linux
added 2025/08/27 3:33 p.m., 1 views

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram(). struct vmci_event_qp allocated by qp_notify_peer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVSS 5.5, AI score 6.3, EPSS 0.0018
Exploits: 0, References: 5

RedHat Linux
added 2025/08/27 11:42 a.m., 2 views

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram(). struct vmci_event_qp allocated by qp_notify_peer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVSS 5.5, AI score 6.3, EPSS 0.0018
Exploits: 0, References: 5

Tenable Nessus
added 2025/08/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-11040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain request...

CVSS 7.5, AI score 6.5, EPSS 0.03244
Exploits: 0, References: 2