5879 matches found
PYSEC-2024-3
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
UBUNTU-CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
Crlf injection
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
PyCryptodome Security Vulnerabilities
PyCryptodome is a standalone Python low-level cryptographic primitive package from the individual developer Helder Eijs. A security vulnerability exists in PyCryptodome versions prior to 3.19.1, which stems from a side-channel leak in OAEP decryption...
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
CVE-2023-52323
Summary of CVE-2023-52323 (CVE entry with concrete details): The IBM bulletin notes that PyCryptodome and pycryptodomex prior to 3.19.1 allow side-channel leakage during OAEP decryption, enabling a Manager attack scenario. In the connected IBM Storage Defender Sentinel Anomaly Scan Engine advisor...
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
PT-2024-1077 · Pypi +9 · Pycryptodome +9
Name of the Vulnerable Software and Affected Versions: PyCryptodome and pycryptodomex versions prior to 3.19.1 Description: The issue is related to side-channel leakage for OAEP decryption, which can be exploited for a Manger attack. This allows a remote attacker to gain unauthorized access to...
RansomwareSim - A Simulated Ransomware
Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...
CVE-2023-50350
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information...
Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6564-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6564-1 advisory. Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...
HCL Technologies DRYiCE MyXalytics Encryption Issue Vulnerability
HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from being affected by encryption using a corrupted encryption algorithm, which could allow an attacker to...
Oops! Black Basta ransomware flubs encryption
Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Bast...
PT-2024-13920 · Hcl · Hcl Dryice Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL DRYiCE MyXalytics affected versions not specified Description: The issue is related to the use of a broken cryptographic algorithm for encryption in HCL DRYiCE MyXalytics, which could allow an attacker to decrypt sensitive information...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
SUSE SLES15 Security Update : gnutls (SUSE-SU-2023:4952-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4952-1 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...
BlackCat Ransomware Raises Ante After FBI Disruption
The U.S. Federal Bureau of Investigation FBI disclosed today that it infiltrated the worlds second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gangs darknet website, and released a decryption tool that hundreds of victim...