Lucene search

5832 matches found

OSV
added 2020/11/05 3:15 p.m. | 2 views

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

7.5 CVSS | 5.8 AI score | 0.06294 EPSS
Exploits 0 | References 2

Cvelist
added 2020/11/05 2:59 p.m. | 18 views

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

7.4 AI score | 0.06294 EPSS
Exploits 0 | References 2

OpenVAS
added 2020/11/04 12:00 a.m. | 24 views

Ubuntu: Security Advisory (USN-4613-1)

The remote host is missing an update for the...

5.9 CVSS | 6.2 AI score | 0.0076 EPSS
Exploits 0 | References 2

OpenVAS
added 2020/11/04 12:00 a.m. | 15 views

Huawei EulerOS: Security Advisory for python-rsa (EulerOS-SA-2020-2390)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS | 7.7 AI score | 0.00098 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2020/11/04 12:00 a.m. | 41 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : python-cryptography vulnerability (USN-4613-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4613-1 advisory. Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expo...

5.9 CVSS | 7.1 AI score | 0.0076 EPSS
Exploits 0 | References 2

OpenVAS
added 2020/11/04 12:00 a.m. | 9 views

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-2371)

The remote host is missing an update for the Huawei EulerOS...

5.7 CVSS | 6 AI score | 0.00106 EPSS
Exploits 0 | References 2

Ubuntu
added 2020/11/03 12:17 p.m. | 101 views

USN-4613-1: python-cryptography vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...

5.9 CVSS | 7.1 AI score | 0.0076 EPSS
Exploits 0

OSV
added 2020/11/03 12:17 p.m. | 1 view

USN-4613-1 python-cryptography vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...

5.9 CVSS | 6.8 AI score | 0.0076 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2020/11/03 12:00 a.m. | 22 views

EulerOS 2.0 SP2 : python-rsa (EulerOS-SA-2020-2390)

According to the version of the python-rsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., ...

7.5 CVSS | 7.5 AI score | 0.00098 EPSS
Exploits 1 | References 2

NVD
added 2020/11/02 9:15 p.m. | 11 views

CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...

3.5 CVSS | 3.7 AI score | 0.00093 EPSS
Exploits 1 | References 2

OpenVAS
added 2020/10/30 12:00 a.m. | 15 views

Nextcloud Server < 17.0.7, 18.x < 18.0.5 Cryptographic Vulnerability (NC-SA-2020-023)

Nextcloud Server is prone to a cryptographic vulnerability...

3.5 CVSS | 5.6 AI score | 0.00093 EPSS
Exploits 1 | References 1

Tenable Nessus
added 2020/10/30 12:00 a.m. | 28 views

EulerOS 2.0 SP5 : python-rsa (EulerOS-SA-2020-2267)

According to the version of the python-rsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., ...

7.5 CVSS | 7.5 AI score | 0.00098 EPSS
Exploits 1 | References 2

Kitploit
added 2020/10/29 8:30 p.m. | 597 views

Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM

Widevine is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e. no hardware TEEs),...

7.4 AI score
Exploits 0 | References 1

OSV
added 2020/10/28 5:05 p.m. | 13 views

GHSA-2XWP-M7MQ-7Q3R CLI does not correctly implement strict mode

In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the...

6.9 AI score
Exploits 0 | References 2

Github Security Blog
added 2020/10/28 5:05 p.m. | 19 views

CLI does not correctly implement strict mode

In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the...

1.9 AI score
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2020/10/28 1:01 a.m. | 26 views

Insecure RSA Decryption (Bleichenbacher Timing Vulnerability)

cryptography is using insecure RSA Decryption and is vulnerable to Bleichenbacher Timing Vulnerability. When RSA decryption is used in online scenarios, it does not use RSA PKCS1v1.5 decryption with constant time, allowing an attacker to passively record traffic and later decrypt it...

5.9 CVSS | 3.4 AI score | 0.0076 EPSS
Exploits 0 | References 5 | Affected Software 5

UbuntuCve
added 2020/10/28 12:00 a.m. | 30 views

CVE-2020-25659

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

5.9 CVSS | 6.9 AI score | 0.0076 EPSS
Exploits 0 | References 3

OSV
added 2020/10/28 12:00 a.m. | 1 view

UBUNTU-CVE-2020-25659

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

5.9 CVSS | 6.8 AI score | 0.0076 EPSS
Exploits 0 | References 4

OSV
added 2020/10/27 8:33 p.m. | 52 views

GHSA-HGGM-JPG3-V476 RSA decryption vulnerable to Bleichenbacher timing vulnerability

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...

8.2 CVSS | 5.9 AI score | 0.0076 EPSS
Exploits 0 | References 10

Github Security Blog
added 2020/10/27 8:33 p.m. | 69 views

RSA decryption vulnerable to Bleichenbacher timing vulnerability

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...

5.9 CVSS | 3.3 AI score | 0.0076 EPSS
Exploits 0 | References 9 | Affected Software 1