CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/01/14 7:20 p.m.•9 views

BIT-PHP-MIN-2024-2408 PHP is vulnerable to the Marvin Attack

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

5.9CVSS5.8AI score0.01158EPSS

Exploits1References5

Snyk•added 2025/01/09 4:41 a.m.•3 views

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel through the decryption process. An attacker can decrypt messages or forge signatures by exchanging a large number of messages with the vulnerable service Marvin Attack. Workaround This vulnerability can be mitigate...

9.1CVSS7.2AI score0.00626EPSS

Exploits0References2

OSV•added 2025/01/07 5:1 p.m.•11 views

OPENSUSE-SU-2025:0004-1 Security update for rubygem-json-jwt

This update for rubygem-json-jwt fixes the following issues: - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes CVE-2023-51774 boo1220727 - updated to version 1.11.0 - no changelog found - Fixes...

8.4CVSS6.9AI score0.01257EPSS

Exploits1References5

RedhatCVE•added 2025/01/07 11:49 a.m.•15 views

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. Mitigation See the following possible...

7.4CVSS6.9AI score0.00626EPSS

OSV•added 2024/12/30 4:53 p.m.•2 views

GHSA-GMX7-GR5Q-85W5 magic-crypt uses insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...

Github Security Blog•added 2024/12/30 4:53 p.m.•7 views

magic-crypt uses insecure cryptographic algorithms

Exploits0References3Affected Software1

Positive Technologies•added 2024/12/30 12:0 a.m.•2 views

PT-2024-40305 · Unknown · Magiccrypt192 +3

Name of the Vulnerable Software and Affected Versions: MagicCrypt64, MagicCrypt128, MagicCrypt192, and MagicCrypt256 affected versions not specified Description: The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data...

6.9AI score

OSV•added 2024/12/28 12:0 p.m.•1 views

RUSTSEC-2024-0430 Use of insecure cryptographic algorithms

RustSec•added 2024/12/28 12:0 p.m.•3 views

Use of insecure cryptographic algorithms

Positive Technologies•added 2024/12/28 12:0 a.m.•4 views

Exploits0

PT-2024-40973 · Unknown · Magiccrypt

Name of the Vulnerable Software and Affected Versions: MagicCrypt affected versions not specified Description: The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data. Specifically, MagicCrypt64 uses the insecure DES block ciph...

6.9AI score

OSV•added 2024/12/16 1:56 p.m.•46 views

BIT-NODE-MIN-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS6.6AI score0.01302EPSS

Tenable Nessus•added 2024/12/13 12:0 a.m.•7 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49997)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49997 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix memory...

7.5CVSS6.3AI score0.01087EPSS

Exploits0References2

Redos•added 2024/12/11 12:0 a.m.•11 views

ROS-20241211-10

Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...

7.5CVSS7.1AI score0.01614EPSS

Exploits1

Metasploit•added 2024/12/07 6:54 p.m.•1116 views

Primefaces Remote Code Execution Exploit

This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...

9.8CVSS9.9AI score0.94104EPSS

Exploits6

OSV•added 2024/11/27 6:20 p.m.•3 views

CVE-2024-47181 Unaligned memory access in RPL option processing in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL...

7.5CVSS6.9AI score0.00546EPSS