248 matches found
The vulnerability of the phpseclib cryptographic protocol library, related to incorrect input validation, allows attackers to trigger a service failure.
The vulnerability of the phpseclib cryptographic protocol library is related to insufficient checks on the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...
ROS-20250417-11
Vulnerability of the phpseclib cryptographic protocol library is related to insufficient verification of user input data user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Malicious code in phpseclib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3395431636c655a702698158fa477a0bf450d74aebf99e31cfb5a9d0bdf383 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3196 Malicious code in phpseclib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3395431636c655a702698158fa477a0bf450d74aebf99e31cfb5a9d0bdf383 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu: Security Advisory (USN-7404-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7404-1: phpseclib vulnerabilities
It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. CVE-2021-30130 It was discovered that phpseclib did not correctly handle certain characte...
USN-7404-1 phpseclib vulnerabilities
It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. CVE-2021-30130 It was discovered that phpseclib did not correctly handle certain characte...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : phpseclib vulnerabilities (USN-7404-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7404-1 advisory. It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could...
Linux Distros Unpatched Vulnerability : CVE-2023-52892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly...
Fedora: Security Advisory (FEDORA-2025-b38cbff99d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : php-phpseclib (2025-b38cbff99d)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b38cbff99d advisory. Security fix for CVE-2023-52892, CVE-2024-27354 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
[SECURITY] Fedora 41 Update: php-phpseclib-2.0.48-1.fc41
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
Fedora 41 : php-phpseclib (2025-91d6e174d9)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-91d6e174d9 advisory. Security fix for CVE-2023-52892, CVE-2024-27354 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
Improper Certificate Validation
phpseclib/phpseclib is vulnerable to Improper Certificate Validation. The vulnerability is due to some characters in Subject Alternative Name fields in TLS certificates that are allowed to have a special meaning in regular expressions, leading to name confusion in X.509 certificate host...
Name confusion in x509 Subject Alternative Name fields
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
GHSA-FF7Q-6VWH-V9M4 Name confusion in x509 Subject Alternative Name fields
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
DEBIAN-CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
UBUNTU-CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...
CVE-2023-52892
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...