Lucene search
K

657 matches found

OSV
OSV
added 2026/07/06 8:16 p.m.2 views

DEBIAN-CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS6AI score0.00099EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 8:16 p.m.11 views

DEBIAN-CVE-2026-41515

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...

3.3CVSS6AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS0.00099EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/06 7:27 p.m.3 views

EUVD-2026-41908

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score0.00099EPSS
Exploits1References1
CVE
CVE
added 2026/07/06 7:27 p.m.9 views

CVE-2026-41516

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) contains a vulnerability in the Hisilicon HPRE PKCS#1 v1.5 RSA decryption path. From version 4.5.0 up to, but not including, 4.11.0, the RSA PKCS#1 v1.5 decryption implementation uses non-constant-time memcmp() for label hash verif...

3.3CVSS6AI score0.00099EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/07/06 7:27 p.m.5 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS6AI score0.00099EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:27 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score0.00099EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:41 p.m.30 views

CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:41 p.m.16 views

CVE-2026-6291

CVE-2026-6291 affects wolfSSL (v4.0) and describes a Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption used for EnvelopedData. The vulnerability arises because error codes differed between RSA padding validation failure and malformed decrypted content, enabling an attacker t...

6.5CVSS5.9AI score0.00152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 4:40 p.m.4 views

SUSE-SU-2026:2459-1 Security update for strongswan

This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

5.8AI score
Exploits6References17
SUSE Linux
SUSE Linux
added 2026/06/01 7:45 a.m.11 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

9.2CVSS5.8AI score
Exploits6References24
OSV
OSV
added 2026/06/01 7:45 a.m.5 views

SUSE-SU-2026:2197-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

5.8AI score
Exploits6References13
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-rsa (UTSA-2026-016608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016608 advisory. It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher...

7.5CVSS6.6AI score0.01631EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016652 advisory. A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated cipherte...

7.5CVSS6.7AI score0.02686EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS

NSS was vulnerable to a timing-side-channel attack during RSA decryption. This attack could potentially allow an attacker to retrieve private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

6.5CVSS6.6AI score0.00816EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Node.js

Node.js versions that bundle a unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL that is also unpatched are vulnerable to the Marvin attack – https://people.redhat.com/hkario/marvin/. This vulnerability occurs when performing RSA decryption using a private key,...

7.4CVSS6.7AI score0.01302EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.10 views

SUSE SLES12 Security Update : strongswan (SUSE-SU-2026:1762-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1762-1 advisory. - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling...

5.8AI score
Exploits6References19
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.14 views

openSUSE 16 Security Update : strongswan (openSUSE-SU-2026:20678-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20678-1 advisory. Update to version 6.0.6 jscPED-16145. Security issued fixed: - CVE-2026-35328: infinite loop when handling supported versions TLS extension...

6AI score
Exploits6References21
SUSE Linux
SUSE Linux
added 2026/05/08 8:58 a.m.8 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. CVE-2026-35331: acceptance of certificates violating X.509 name constrain...

9.2CVSS5.8AI score
Exploits6References24
OSV
OSV
added 2026/05/07 4:17 p.m.11 views

JLSEC-2026-463 Mbed TLS timing side channel in RSA and CBC/ECB decryption

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.8AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder