Lucene search
K

168 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55972

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.5.0 through 4.10.x Description The RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error paths...

3.3CVSS6.1AI score0.00095EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 8:32 p.m.2 views

GHSA-4J9M-H44M-2HV8 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Summary Configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the OAEP setting selects PKCS1 v1.5, which is the same algorithm as the DEFAULT setting. Impact Operators who configure encrypt:rsa:algorithm=OAEP to obtain...

1.9CVSS5.8AI score0.00046EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

7.5CVSS5.8AI score0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 6:13 p.m.34 views

CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 6:13 p.m.16 views

CVE-2026-33662

OP-TEE (Trusted Execution Environment) has a concrete vulnerability in RSASSA PKCS#1 v1.5 padding. Affected versions are 3.8.0–4.10; the padding size (PS) is computed as modulus size minus digest/EMSA fields in emsa_pkcs1_v1_5_encode() (rsassa.c). If the modulus is small enough, this subtraction ...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/23 4:34 p.m.3 views

SUSE-SU-2026:0975-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: - CVE-2026-27962: JWS deserializecompact allows for signature bypass by accepting user-controlled embedded JWK as verification key bsc1259738. - CVE-2026-28490: cryptographic padding oracle in JWE RSA15 key management algorithm bsc1259736...

9.1CVSS5.8AI score0.00548EPSS
Exploits3References7
OSV
OSV
added 2026/03/18 5:30 p.m.3 views

OPENSUSE-SU-2026:20392-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: Changes in python-Authlib: - CVE-2026-27962: JWS deserializecompact allows for signature bypass by accepting user-controlled embedded JWK as verification key bsc1259738 - CVE-2026-28490: cryptographic padding oracle in JWE RSA15 key...

9.1CVSS5.9AI score0.00548EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:47 p.m.5 views

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/25 3:47 p.m.25 views

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

6.9CVSS0.00177EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.15 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.402.b06-2.el8 (AXSA:2024-7448:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7448:05 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...

7.4CVSS7.6AI score0.01026EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : opencryptoki-3.21.0-9.el9_3.ML.1 (AXSA:2024-7597:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7597:01 advisory. opencryptoki: timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin CVE-2024-0914 Tenable has extracted the preceding description block...

5.9CVSS5.6AI score0.00878EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.11 views

MiracleLinux 9 : java-11-openjdk-11.0.22.0.7-2.el9.ML.1 (AXSA:2024-7450:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7450:05 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...

7.4CVSS7.4AI score0.01026EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : java-21-openjdk-21.0.2.0.13-1.el8.ML.1 (AXSA:2024-7439:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7439:03 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...

7.4CVSS8.6AI score0.00918EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 7 : erlang-18.3.4.7-1.0.1.el7.AXS7 (AXSA:2017-2480:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2480:01 advisory. The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt conten...

5.9CVSS6.6AI score0.22098EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 7:16 p.m.6 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.5AI score0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/13 7:16 p.m.26 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS0.00128EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 7:16 p.m.9 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00128EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/13 2:28 p.m.11 views

Jervis Has a RSA PKCS#1 Padding Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL463-L465...

8.7CVSS6.9AI score0.00128EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1651

Malware in sbrugna...

7.5CVSS7.6AI score0.00887EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-23755

Malware in sbrugna...

10CVSS9.3AI score0.03524EPSS
Exploits1References6
Rows per page
Query Builder