29 matches found
Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...
CVE-2026-56369
A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...
CVE-2026-32935
A flaw was found in phpseclib, a PHP secure communications library. When using Advanced Encryption Standard AES in Cipher Block Chaining CBC mode, a remote attacker can exploit a padding oracle timing attack. This vulnerability may allow the attacker to decrypt sensitive information by observing...
Siemens SIMATIC Devices Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-50781)
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...
EUVD-2024-0587
Malicious code in bioql PyPI...
OESA-2025-1774 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...
CVE-2022-46834
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
PT-2024-10390 · Ibm · Ibm Mq Operator +1
Name of the Vulnerable Software and Affected Versions: IBM MQ Container versions 2.0.0 through 2.0.22, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.8, 3.0.0, 3.0.1, 3.1.0 through 3.1.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms in...
DEBIAN-CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
SUSE CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
PT-2023-9146
Name of the Vulnerable Software and Affected Versions python-cryptography affected versions not specified Description A flaw was found in the python-cryptography package, which may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges. This could lead to...
SUSE CVE-2013-2228
SaltStack RSA Key Generation allows remote users to decrypt communications...
SUSE CVE-2015-7824
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites...
K15389: OpenSSL vulnerability CVE-2011-4576
Security Advisory Description The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
CVE-2022-46832
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmwa...
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
CVE-2013-2228
SaltStack RSA Key Generation allows remote users to decrypt communications...
CVE-2013-2228
SaltStack RSA Key Generation allows remote users to decrypt communications...
CVE-2013-2228
Removed by vendor...