15 matches found
pyjwt 安全漏洞
pyjwt is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Security vulnerabilities exist in versions 2.9.0 to 2.12.1 of pyjwt. These vulnerabilities arise when the jwt.decode or jwt.decodecomplete function is called...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation Upgrade...
OESA-2026-1322 opencryptoki security update
openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...
CVE-2022-50237
A flaw was found in ed25519-dalek. The Keypair implementation allows an attacker to compute a private key by observing signatures generated with corresponding public keys. This public key signing function oracle attack does not require authentication. An unauthenticated attacker can extract the...
CVE-2024-39327
Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
AlmaLinux 9 : opencryptoki (ALSA-2024:1239)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1239 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potential...
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
DEBIAN-CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
AZL-36965 CVE-2024-0914 affecting package opencryptoki for versions less than 3.24.0-3
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
Design/Logic Flaw
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
SUSE CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. Mitigation Mitigation...
Проблемы в PGP Desktop Security
Пользователь получивший право подписи одного документа с помощью разделенного ключа может подписать этим же ключем любой другой документ при включеном кэшировании ключевой фразы без согласия остальных держателей ключа...