5879 matches found
Fiserv Prologue Security Vulnerability
Fiserv Prologue is a tool for streamlining financial accounting processes and accelerating the delivery of reliable, accessible information that improves performance. A security vulnerability exists in versions of Fiserv Prologue prior to 2020-12-16 that stems from not properly protecting databas...
Delta Electronics Industrial Automation DIALink Trust Management Issue Vulnerability
Delta Electronics Industrial Automation DIALink is an industrial automation IoT device from Delta Electronics Taiwan, China. The Delta Electronics Industrial Automation DIALink suffers from a security vulnerability that stems from the susceptibility of the affected product to the use of hard-code...
Stack overflow
D-Link DIR-816 A2v1.10CNB04.img is vulnerable to a buffer overflow via /goform/form2Wan.cgi. When wantype is 3, l2tpusrname is base64-decoded and the result is stored in v94 without checking the size of l2tpusrname, resulting in a stack overflow...
DEBIAN-CVE-2022-38493
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token...
UBUNTU-CVE-2022-38493
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token...
Design/Logic Flaw
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token...
CVE-2022-38493
CVE-2022-38493 affects Rhonabwy 0.9.99 through 1.1.x prior to 1.1.7, where the RSA private key length is not validated before RSA-OAEP decryption. The underlying issue allows an attacker to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. Multiple connected sources (Red Ha...
CVE-2022-38493
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token...
Security Bulletin: Java vulnerability on IBM SAN Volume Controller and Storwize Family (CVE-2014-0411)
Summary: Java vulnerability could allow decryption of long GUI session. Vulnerability Details: CVEID: CVE-2014-0411. DESCRIPTION: Java is used in the system’s GUI. Timing differences based on the validity of messages can be exploited to decrypt the entire session. The exploit is not trivial, requirin...
OESA-2022-1852 m2crypto security update
M2Crypto is a crypto and SSL toolkit for Python. It allows you to call OpenSSL functions from Python2 scripts. Security Fixes: A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of...
LS ELECTRIC PLC and XG5000 Encryption Issue Vulnerability
LS ELECTRIC PLC is a programmable logic controller from LS ELECTRIC, a South Korean company. LS ELECTRIC PLC and XG5000 are vulnerable to an encryption issue that could be exploited by an attacker to decrypt credentials and gain full access to the affected programmable logic controller (PLC)...
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning. Threat actors deploying the ransomware as a service (RaaS) are...
Design/Logic Flaw
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key...
Mageia: Security Advisory (MGASA-2022-0274)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 Security Update : python-M2Crypto (SUSE-SU-2022:2691-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2691-1 advisory. - A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in...
Updated python-m2crypto packages fix security vulnerability
Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)...
MGASA-2022-0274 Updated python-m2crypto packages fix security vulnerability
Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)...
SUSE-SU-2022:2691-1 Security update for python-M2Crypto
This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829)...
Fedora: Security Advisory for golang-github-cloudflare-redoctober (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-cloudflare-redoctober-0-0.13.20210114git99c99a8.fc36
Red October is a software-based two-man rule style encryption and decryption server...