Lucene search
K

98 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-50722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload wa...

8.1CVSS6.5AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 10:16 p.m.5 views

UBUNTU-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/02 9:34 p.m.8 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 5:4 a.m.39 views

CVE-2026-40996

CVE-2026-40996 affects Spring Web Services where Wss4jSecurityInterceptor incorrectly defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J’s safer validation behavior for RequestData. This could allow RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material in inbound WS-Security dec...

4.8CVSS5.5AI score0.00129EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 12:59 a.m.18 views

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

6.2AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in PHP 8.1, PHP 7.3

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

5.9CVSS6.5AI score0.01158EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 8:41 a.m.8 views

CLSA-2026-1777452099 nettle: Fix of CVE-2021-3580

CVE-2021-3580: add input validation to RSA decrypt family and length check to pkcs1secdecrypt...

7.5CVSS5.8AI score0.02686EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 6:13 p.m.13 views

CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 6:13 p.m.10 views

EUVD-2026-25592

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 6:13 p.m.34 views

CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS0.00403EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 6:13 p.m.4 views

CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS6.1AI score0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 8:45 p.m.1 views

CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS6.8AI score0.00339EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 10:2 p.m.2 views

GHSA-PPP5-5V6C-4JWP Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Summary RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This...

7.5CVSS6.8AI score0.00339EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/26 10:2 p.m.10 views

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : nodejs:18 (AXSA:2024-7655:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7655:01 advisory. nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

7.8CVSS8.1AI score0.03168EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8004

Malware in sbrugna...

5.9CVSS5.9AI score0.00696EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-7122

Malware in sbrugna...

5.8CVSS7.3AI score0.0114EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-9739

Malware in sbrugna...

9.3CVSS7.9AI score0.00369EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-27360

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.01158EPSS
Exploits1References3
Rows per page
Query Builder