Python-RSA decryption of ciphertext leads to DoS
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
GHSA-537H-RV9Q-VVPH Python-RSA decryption of ciphertext leads to DoS
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
CVE-2020-9206
The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be...
Design/Logic Flaw
The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be...
CVE-2020-9206
The CVE-2020-9206 entry concerns Huawei’s eUDC660 device with an improper resource-management vulnerability. A high-privilege attacker can perform specific operations to exploit the issue, enabling access to the device’s key file and decrypting data, impacting confidentiality, integrity, and avai...
USN-4839-1: python-gnupg vulnerabilities
Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. CVE-2018-12020 It was discovered that python-gnupg incorrectly handled the GPG...
Europol Credits Sweeping Arrests to Cracked Sky ECC Comms
Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February. Sky ECC, which focuses on selling mobile phones with specialized, private...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-25659
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-25659. Vulnerability Details CVEID: CVE-2020-25659 DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted...
Moderate: Red Hat Security Advisory: nss-softokn security update
An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...
PyBeacon - A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings Scripts included There is a small library which includes encryption/decoding methods, however some example scripts are...
CVE-2021-20441
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617...
CVE-2021-20441
CVE-2021-20441 affects IBM Security Verify Bridge. The issue stems from use of weaker-than-expected cryptographic algorithms, including defaulting to TLS 1.0 when no TLS preference is specified and an older random number generator during LDAP bind authentication. This could allow an attacker to d...
python-rsa: bleichenbacher timing oracle attack against RSA decryption
A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...
Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV
Summary The server responded with a Handshake to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when...
Security Bulletin: IBM Cloud Private is vulnerable to a Python vulnerability (CVE-2020-25659)
Summary IBM Cloud Private is vulnerable to a Python vulnerability Vulnerability Details CVEID: CVE-2020-25659 DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the...
Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal
Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3 This is a Proof of Concept for CVE-2021-27328 Example to get firmware decrypting password http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect to get /etc/passwd...
CVE-2021-27328
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...
Directory traversal
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...