CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:01887-1 advisory. - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Tenable has extracted the preceding description block directl...

5.9CVSS5.9AI score0.00068EPSS

Exploits0References4

OSV•added 2025/05/07 7:11 p.m.•3 views

RLSA-2024:0967 Moderate: opensc security update

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...

5.6CVSS6.2AI score0.00257EPSS

Exploits1References2

Redos•added 2024/12/11 12:0 a.m.•9 views

ROS-20241211-10

Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...

7.5CVSS7.1AI score0.01028EPSS

Exploits1

Tenable Nessus•added 2024/06/07 12:0 a.m.•30 views

OpenSSL 0.9.8 < 0.9.8c Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.8c. It is, therefore, affected by a vulnerability as referenced in the 0.9.8c advisory. - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before...

4.3CVSS7.2AI score0.04479EPSS

Exploits1References3

OSV•added 2024/05/24 10:8 a.m.•9 views

SUSE-SU-2024:1773-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS1 padding bsc1219386...

5.9CVSS6.7AI score0.00257EPSS

Exploits1References3

Tenable Nessus•added 2024/05/06 12:0 a.m.•59 views

Oracle Linux 9 : skopeo (ELSA-2024-2239)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2239 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...

9.8CVSS7AI score0.00759EPSS

Exploits0References2

Redos•added 2024/04/04 12:0 a.m.•23 views

ROS-20240404-08

7.4CVSS6.8AI score0.03615EPSS

Exploits1

OSV•added 2024/03/06 10:52 a.m.•27 views

BIT-GOLANG-2023-45287 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS6.5AI score0.00185EPSS

Exploits0References7

AlmaLinux•added 2024/02/26 12:0 a.m.•36 views

Moderate: opensc security update

5.9CVSS7.3AI score0.00257EPSS

Exploits1References4

AlmaLinux•added 2024/02/26 12:0 a.m.•28 views

Moderate: opensc security update

5.9CVSS7.3AI score0.00257EPSS

Exploits1References4

OSV•added 2024/02/26 12:0 a.m.•27 views

ALSA-2024:0967 Moderate: opensc security update

5.9CVSS6AI score0.00257EPSS

Exploits1References4

Cvelist•added 2024/01/31 2:5 p.m.•17 views

CVE-2023-5992 Opensc: side-channel leaks while stripping encryption pkcs#1 padding

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

5.6CVSS5.8AI score0.00257EPSS

Exploits1References6