2926 matches found

NVD
added 2025/06/17 9:15 p.m., 3 views

CVE-2025-49824

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3, EPSS 0.00244
Exploits: 0, References: 3
Cvelist
added 2025/06/17 8:40 p.m., 8 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3, EPSS 0.00244
Exploits: 0, References: 3
Vulnrichment
added 2025/06/17 8:40 p.m., 2 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3, AI score 6.7, EPSS 0.00244
Exploits: 0, References: 3
CVE
added 2025/06/17 8:40 p.m., 16 views

CVE-2025-49824

CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...

CVSS 6.3, AI score 6.2, EPSS 0.00244
Exploits: 0, References: 3
OSV
added 2025/06/17 8:40 p.m., 5 views

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...

CVSS 6.3, AI score 6.6, EPSS 0.00244
Exploits: 0, References: 5
CNNVD
added 2025/06/17 12:00 a.m., 1 views

conda-forge conda-smithy information disclosure vulnerability

conda-forge conda-smithy is a conda-forge open source tool for managing conda-forge raw materials. An information disclosure vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from the travis_encrypt_binstar_token implementation being at risk of an Oracle Padding...

CVSS 6.3, AI score 5.9, EPSS 0.00244
Exploits: 0, References: 5
SUSE Linux
added 2025/06/11 5:43 a.m., 2 views

Security update for perl-Crypt-OpenSSL-RSA

This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 5.9, AI score 7.3, EPSS 0.00516
Exploits: 0, References: 4
SUSE Linux
added 2025/06/11 5:42 a.m., 2 views

Security update for perl-Crypt-OpenSSL-RSA

This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 5.9, AI score 6, EPSS 0.00516
Exploits: 0, References: 4
OSV
added 2025/06/10 5:17 p.m., 6 views

GO-2025-3748 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) in github.com/pion/interceptor

Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) in github.com/pion/interceptor...

CVSS 7.5, AI score 7.3, EPSS 0.00415
Exploits: 0, References: 4
Snyk
added 2025/06/09 9:59 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through handling of RTP packets in the NewPacket function of packetfactory.go. An attacker can trigger a panic in the system by sending malformed RTP packets containing a padding size...

CVSS 8.7, AI score 6.9, EPSS 0.00415
Exploits: 0, References: 2
Vulnrichment
added 2025/06/09 9:13 p.m., 4 views

CVE-2025-49140 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Users should...

CVSS 7.5, AI score 7.5, EPSS 0.00415
Exploits: 0, References: 4
CVE
added 2025/06/09 9:13 p.m., 171 views

CVE-2025-49140

Pion Interceptor (part of the RTP/RTCP framework) versions 0.1.36–0.1.38 contain a bug in the RTP packet factory that can cause a panic in Pion-based SFUs when handling crafted RTP packets. The issue is mitigated by upgrading to v0.1.39 or later, which adds a validation that padLen > 0 && padLen

CVSS 7.5, AI score 7.5, EPSS 0.00415
Exploits: 0, References: 4
OSV
added 2025/06/09 8:29 p.m., 3 views

GHSA-F26W-GH5M-QQ77 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Impact: Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Patches: Upgrade to v0.1.39 or later, which includes PR 338 which...

CVSS 7.5, AI score 7, EPSS 0.00415
Exploits: 0, References: 6
OpenVAS
added 2025/05/27 12:00 a.m., 7 views

Ubuntu: Security Advisory (USN-7531-1)

The remote host is missing an update for the...

CVSS 7.4, AI score 7.5, EPSS 0.00749
Exploits: 0, References: 3
OSV
added 2025/05/26 11:44 a.m., 2 views

USN-7533-1 openjdk-17-crac vulnerabilities

Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An...

CVSS 7.4, AI score 6.9, EPSS 0.00749
Exploits: 0, References: 4
OSV
added 2025/05/26 3:29 a.m., 2 views

USN-7531-1 openjdk-21-crac vulnerabilities

Alicja Kario discovered that the JSSE component of CRaC JDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of CRaC JDK 21 incorrectly handled compiler transformations. An...

CVSS 7.4, AI score 6.9, EPSS 0.00749
Exploits: 0, References: 4
Tenable Nessus
added 2025/05/26 12:00 a.m., 4 views

Ubuntu 24.10 / 25.04 : CRaC JDK 17 vulnerabilities (USN-7533-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7533-1 advisory. Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain...

CVSS 7.4, AI score 6.9, EPSS 0.00749
Exploits: 0, References: 4
Tenable Nessus
added 2025/05/26 12:00 a.m., 4 views

Ubuntu 24.10 / 25.04 : CRaC JDK 21 vulnerabilities (USN-7531-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7531-1 advisory. Alicja Kario discovered that the JSSE component of CRaC JDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain...

CVSS 7.4, AI score 6.9, EPSS 0.00749
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 8:06 a.m., 7 views

CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

CVSS 5.3, AI score 5, EPSS 0.00755
Exploits: 0
RedhatCVE
added 2025/05/23 4:35 a.m., 9 views

CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0...

CVSS 7.5, AI score 6.7, EPSS 0.00298
Exploits: 0