Mageia: Security Advisory (MGASA-2016-0196)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

MGASA-2016-0196 Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...