CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:01887-1 advisory. - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Tenable has extracted the preceding description block directl...

5.9CVSS5.9AI score0.00516EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:42 a.m.•10 views

CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker...

5.9CVSS6.2AI score0.01001EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:37 p.m.•15 views

CVE-2020-36315

In RELIC before 2020-08-01, RSA PKCS1 v1.5 signature forgery can occur because certain checks of the padding and of the first two bytes are inadequate. NOTE: this requires that a low public exponent such as 3 is being used. The product, by default, does not generate RSA keys with such a low numbe...

5.3CVSS6.8AI score0.00928EPSS

Exploits1

Rosalinux•added 2025/03/01 9:21 p.m.•5 views

Advisory ROSA-SA-2025-2728

Software: opencryptoki 3.21.0 OS: ROSA Virtualization 3.0 packageevrstring: opencryptoki-3.21.0-10.rv30 CVE-ID: CVE-2024-0914 BDU-ID: 2024-02839 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of...

5.9CVSS6.9AI score0.00878EPSS

Exploits0

Mageia•added 2024/04/27 6:26 a.m.•26 views

Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

5.9CVSS7AI score0.00878EPSS

Exploits0References2

Tenable Nessus•added 2024/04/17 12:0 a.m.•19 views

RHEL 9 : opencryptoki (RHSA-2024:1856)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1856 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

5.9CVSS6AI score0.00878EPSS

Exploits0References5

Tenable Nessus•added 2024/04/05 12:0 a.m.•28 views

Rocky Linux 8 : opencryptoki (RLSA-2024:1608)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1608 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could...

5.9CVSS5.8AI score0.00878EPSS

Exploits0References3

AlmaLinux•added 2024/04/02 12:0 a.m.•29 views

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

5.9CVSS7.2AI score0.00878EPSS

Exploits0References4

Tenable Nessus•added 2024/03/19 12:0 a.m.•23 views

RHEL 8 : opencryptoki (RHSA-2024:1411)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1411 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

5.9CVSS6AI score0.00878EPSS

Exploits0References5

Oracle linux•added 2024/03/15 12:0 a.m.•27 views

.NET 7.0 security update

7.0.117-1.0.1 - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port Revert 'Disable implicit rejection for RSA PKCS1 95217 patch...

7.5CVSS7.1AI score0.03065EPSS

Exploits0

Ubuntu•added 2024/03/14 8:59 a.m.•38 views

USN-6673-2: python-cryptography vulnerability

USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding i...

7.5CVSS6.6AI score0.01118EPSS

Exploits0