asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption

The encryption and decryption process were vulnerable against the Bleichenbacher's attack, which is a padding oracle vulnerability disclosed in the 98'. The issue was about the wrong padding utilized, which allowed to retrieve the encrypted content. The OPENSSLPKCS1PADDING version, aka PKCS v1.5...

GHSA-87MP-XC4X-X8RH asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption

The encryption and decryption process were vulnerable against the Bleichenbacher's attack, which is a padding oracle vulnerability disclosed in the 98'. The issue was about the wrong padding utilized, which allowed to retrieve the encrypted content. The OPENSSLPKCS1PADDING version, aka PKCS v1.5...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)

The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. - In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be...

SUSE SLES12 Security Update : opensc (SUSE-SU-2024:1625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1625-1 advisory. - A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channel resistant. This issue may...

RHEL 7 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gnutls: Bleichenbacher-like side channel leakage in PKCS1 v1.5 verification and padding oracle verificati...

Shiro-721

This is a vulnerability analysis of a repository containing a proof-of-concept PoC exploit for a remote code execution RCE vulnerability in Apache Shiro, a Java-based security framework. The vulnerability is caused by a padding oracle attack, which allows an attacker to construct serialized data...

SUSE CVE-2022-48696

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

RLSA-2024:1687 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

Oracle Linux 9 : skopeo (ELSA-2024-2239)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2239 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

CVE-2022-48696

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

DEBIAN-CVE-2022-48696

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

CVE-2022-48696

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

UBUNTU-CVE-2022-48696

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

CVE-2022-48696 regmap: spi: Reserve space for register address/padding

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

CVE-2022-48696 regmap: spi: Reserve space for register address/padding

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

CVE-2022-48696

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

edk2: Infinite loop when parsing a PadN option in the Destination Options header

The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability...

CentOS 9 : opensc-0.23.0-4.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the opensc-0.23.0-4.el9 build changelog. - Side-channel leaks while stripping encryption PKCS1.5 padding CVE-2023-5992 Note that Nessus has not tested for this issue but has instead relied...

CentOS 9 : opensc-0.23.0-3.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the opensc-0.23.0-3.el9 build changelog. - Potential PIN bypass CVE-2023-40660 - Dynamic analyzers reports in pkcs15init CVE-2023-40661 - Out-of-bounds read in MyEID driver handlin...