CVE-2020-13757

CVE-2020-13757 affects the Python-RSA package. Affected: Python-RSA before 4.1. Root cause: decryption ignores leading '\0' bytes in ciphertext. Impact stated in sources: potential DoS risk and information leakage indicators (e.g., attacker could infer usage, or ciphertext length could affect beh...

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-4376-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4376-1 advisory. Cesar Pereida Garca, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL...

Ubuntu: Security Advisory (USN-4376-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory

Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...

USN-4376-1: OpenSSL vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

CVE-2020-4349

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423...

CVE-2020-4379

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158...

CVE-2020-4379

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158...

IBM Spectrum Scale Encryption Issue Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

IBM Spectrum Scale Encryption Problem Vulnerability (CNVD-2020-30835)

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

PT-2020-13658 · Python +5 · Python-Rsa +5

Name of the Vulnerable Software and Affected Versions: Python-RSA versions prior to 4.1 Description: The issue concerns the decryption of ciphertext, where leading '0' bytes are ignored. This could potentially have security implications, such as helping an attacker infer that an application uses...

Going dark: encryption and law enforcement

UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...

Information Disclosure Vulnerability in Multiple Huawei Products (CNVD-2020-36726)

Huawei Anne-AL00 and others are products of Huawei, a Chinese company.Huawei Anne-AL00 is a smartphone.Honor 10 Lite is a smartphone.Huawei TC5200-16 is a wireless router.Huawei Anne-AL00 is a smartphone.Huawei Anne-AL00 is a smartphone.Huawei Anne-AL00 is a smartphone.Huawei TC5200-16 is a...

CVE-2020-9069

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than...

CVE-2020-9069

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than...

Information disclosure

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than...

CVE-2020-9069

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than...

CVE-2020-9069

CVE-2020-9069 describes an information leakage vulnerability in multiple Huawei products where an unauthenticated, adjacent attacker could decrypt data and leak information randomly. Affected devices include a wide range of Huawei consumer and networking devices (e.g., Anne-AL00, Berkeley-L09, CD...