Lucene search
K

248 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/02 12:0 a.m.9 views

The vulnerability of the phpseclib cryptographic protocol library, related to incorrect input validation, allows attackers to trigger a service failure.

The vulnerability of the phpseclib cryptographic protocol library is related to insufficient checks on the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.00569EPSS
Exploits0References5Affected Software2
Redos
Redos
added 2025/04/17 12:0 a.m.10 views

ROS-20250417-11

Vulnerability of the phpseclib cryptographic protocol library is related to insufficient verification of user input data user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.6AI score0.00569EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/09 5:11 a.m.2 views

Malicious code in phpseclib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3395431636c655a702698158fa477a0bf450d74aebf99e31cfb5a9d0bdf383 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/04/09 5:11 a.m.4 views

MAL-2025-3196 Malicious code in phpseclib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3395431636c655a702698158fa477a0bf450d74aebf99e31cfb5a9d0bdf383 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2025/04/03 12:0 a.m.5 views

Ubuntu: Security Advisory (USN-7404-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01055EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2025/04/02 1:35 a.m.11 views

USN-7404-1: phpseclib vulnerabilities

It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. CVE-2021-30130 It was discovered that phpseclib did not correctly handle certain characte...

7.5CVSS7.2AI score0.01055EPSS
Exploits1
OSV
OSV
added 2025/04/02 1:35 a.m.6 views

USN-7404-1 phpseclib vulnerabilities

It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. CVE-2021-30130 It was discovered that phpseclib did not correctly handle certain characte...

7.5CVSS5.7AI score0.01055EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.8 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : phpseclib vulnerabilities (USN-7404-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7404-1 advisory. It was discovered that phpseclib did not correctly handle RSA PKCS1 v1.5 signature verification. An attacker could...

7.5CVSS7.4AI score0.01055EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-52892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/02/10 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-b38cbff99d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00601EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/02/09 12:0 a.m.15 views

Fedora 40 : php-phpseclib (2025-b38cbff99d)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b38cbff99d advisory. Security fix for CVE-2023-52892, CVE-2024-27354 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

7.5CVSS7.4AI score0.00601EPSS
Exploits1References3
Fedora
Fedora
added 2025/02/08 2:18 a.m.10 views

[SECURITY] Fedora 41 Update: php-phpseclib-2.0.48-1.fc41

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

7.5CVSS7.3AI score0.00601EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/02/08 12:0 a.m.8 views

Fedora 41 : php-phpseclib (2025-91d6e174d9)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-91d6e174d9 advisory. Security fix for CVE-2023-52892, CVE-2024-27354 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

7.5CVSS7.4AI score0.00601EPSS
Exploits1References3
Veracode
Veracode
added 2024/06/28 6:15 a.m.17 views

Improper Certificate Validation

phpseclib/phpseclib is vulnerable to Improper Certificate Validation. The vulnerability is due to some characters in Subject Alternative Name fields in TLS certificates that are allowed to have a special meaning in regular expressions, leading to name confusion in X.509 certificate host...

7.5CVSS6.5AI score0.00376EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/06/28 12:33 a.m.14 views

Name confusion in x509 Subject Alternative Name fields

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS6.7AI score0.00376EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/06/28 12:33 a.m.13 views

GHSA-FF7Q-6VWH-V9M4 Name confusion in x509 Subject Alternative Name fields

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

8.7CVSS7.3AI score0.00376EPSS
Exploits1References6
OSV
OSV
added 2024/06/27 10:15 p.m.1 views

DEBIAN-CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS5.3AI score0.00376EPSS
Exploits1References1
NVD
NVD
added 2024/06/27 10:15 p.m.15 views

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS0.00376EPSS
Exploits1References4
OSV
OSV
added 2024/06/27 10:15 p.m.3 views

UBUNTU-CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS5.8AI score0.00376EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2024/06/27 10:15 p.m.12 views

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References7
Rows per page
Query Builder