Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added last week4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/07/03 4:41 p.m.9 views

CVE-2026-56369

A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...

6.3CVSS5.9AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/20 3:56 p.m.5 views

CVE-2026-32935

A flaw was found in phpseclib, a PHP secure communications library. When using Advanced Encryption Standard AES in Cipher Block Chaining CBC mode, a remote attacker can exploit a padding oracle timing attack. This vulnerability may allow the attacker to decrypt sensitive information by observing...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.2 views

Siemens SIMATIC Devices Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-50781)

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

7.5CVSS7.1AI score0.01124EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0587

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01124EPSS
Exploits0References5
OSV
OSV
added 2025/07/11 12:20 p.m.3 views

OESA-2025-1774 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...

7.5CVSS6.6AI score0.01118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 p.m.16 views

CVE-2022-46834

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

6.5CVSS7.1AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.5 views

PT-2024-10390 · Ibm · Ibm Mq Operator +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Container versions 2.0.0 through 2.0.22, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.8, 3.0.0, 3.0.1, 3.1.0 through 3.1.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms in...

7.5CVSS6.1AI score0.00205EPSS
Exploits0References6
OSV
OSV
added 2024/02/05 9:15 p.m.3 views

DEBIAN-CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS7.2AI score0.01124EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/12/15 2:5 a.m.3 views

SUSE CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS6.6AI score0.01124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.3 views

PT-2023-9146

Name of the Vulnerable Software and Affected Versions python-cryptography affected versions not specified Description A flaw was found in the python-cryptography package, which may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges. This could lead to...

8.7CVSS7.1AI score0.01118EPSS
Exploits0References105
SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.5 views

SUSE CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

8.1CVSS7.8AI score0.01945EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.4 views

SUSE CVE-2015-7824

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites...

7.5CVSS6.8AI score0.01686EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2022/12/22 10:23 p.m.5 views

K15389: OpenSSL vulnerability CVE-2011-4576

Security Advisory Description The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

5CVSS8.3AI score0.14523EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/12/13 4:15 p.m.4 views

CVE-2022-46832

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmwa...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/08 11:35 a.m.9 views

nodejs: weak randomness in WebCrypto keygen

A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...

9.1CVSS7.3AI score0.0187EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/10/18 9:27 a.m.6 views

nodejs: weak randomness in WebCrypto keygen

A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...

9.1CVSS7.3AI score0.0187EPSS
Exploits1References6
NVD
NVD
added 2019/12/03 2:15 p.m.31 views

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

8.1CVSS8.1AI score0.01945EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2019/12/03 2:15 p.m.21 views

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

8.1CVSS7.2AI score0.01945EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2019/12/03 1:55 p.m.57 views

CVE-2013-2228

Removed by vendor...

8.1CVSS8.1AI score0.01945EPSS
Exploits0
Rows per page
Query Builder