5818 matches found

OpenVAS
added 2020/04/16 12:00 a.m. | 24 views

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1498)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.02765
Exploits: 0 | References: 2

CNVD
added 2020/04/15 12:00 a.m. | 2 views

WindowsHello open source library encryption issue vulnerability

WindowsHello is an unlocking open source library for use with the Windows Hello biometric facial recognition library. A vulnerability exists in the WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello prior to version 1.0.4 due to a cryptographic issue. An attacker ca...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00019
Exploits: 0 | References: 1

Tenable Nessus
added 2020/04/15 12:00 a.m. | 33 views

EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2020-1400)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00677
Exploits: 0 | References: 3

NVD
added 2020/04/14 11:15 p.m. | 7 views

CVE-2020-11005

The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...

CVSS: 5.5 | AI score: 5.1 | EPSS: 0.00019
Exploits: 0 | References: 2

Prion
added 2020/04/14 11:15 p.m. | 11 views

Authentication flaw

The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00019
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2020/04/14 11:09 p.m. | 71 views

Internal NCryptDecrypt method could be used externally from WindowsHello library.

Impact: Every user of the library before version 1.0.4. Patches: Patched in 1.0.4+. Workarounds: None. References: https://github.com/SeppPenner/WindowsHello/issues/3 For more information: If this library is used to encrypt text and write the output to a txt file, another executable could be able to...

CVSS: 5.5 | AI score: 0.6 | EPSS: 0.00019
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2020/04/14 10:30 p.m. | 95 views

CVE-2020-11005

CVE-2020-11005 affects the WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello) prior to version 1.0.4. The vulnerability allows encrypted data to be decrypted without authenticating Windows Hello, if text is encrypted and written to a file and another executable us...

CVSS: 5.5 | AI score: 5.1 | EPSS: 0.00019
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2020/04/10 1:12 a.m. | 27 views

Denial Of Service (DoS)

gnutls is vulnerable to Denial of Service (DoS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer...

CVSS: 5 | AI score: 7 | EPSS: 0.10166
Exploits: 1 | References: 31 | Affected Software: 1

Veracode
added 2020/04/10 12:55 a.m. | 34 views

Unauthenticated Access

pki allows unauthenticated access. The certificate authority allowed unauthenticated users to request the one-time PIN in an SCEP request to be decrypted. An attacker able to sniff an SCEP request from a network device could request the certificate authority to decrypt the request, allowing them ...

CVSS: 5.8 | AI score: 3 | EPSS: 0.00277
Exploits: 0 | References: 9 | Affected Software: 3

OSV
added 2020/04/08 5:44 a.m. | 7 views

SUSE-SU-2020:0948-1 Security update for gmp, gnutls, libnettle

This update for gmp, gnutls, libnettle fixes the following issues. Security issue fixed: CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345). FIPS related bugfixes: FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode...

CVSS: 7.4 | AI score: 7.3 | EPSS: 0.11487
Exploits: 0 | References: 6

RedhatCVE
added 2020/04/07 11:09 a.m. | 36 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41...

CVSS: 5.9 | AI score: 4.4 | EPSS: 0.12783
Exploits: 0 | References: 2

CNVD
added 2020/04/07 12:00 a.m. | 1 view

Zoom Client for Meetings Encryption Issue Vulnerability

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. An encryption issue vulnerability exists in Zoom Client for Meetings version 4.6.9 and earlier, which stems from the fact that Zoom Client for Meetings uses ECB mode of AES for video and audio...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00135
Exploits: 1

RedHat Linux
added 2020/04/06 7:28 p.m. | 3 views

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.01121
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/06 7:09 p.m. | 0 views

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.01121
Exploits: 0 | References: 4

NVD
added 2020/04/03 6:15 p.m. | 8 views

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.00085
Exploits: 0 | References: 1

Cvelist
added 2020/04/03 5:50 p.m. | 13 views

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

AI score: 7.8 | EPSS: 0.00085
Exploits: 0 | References: 1

FireEye
added 2020/04/02 12:00 a.m. | 16 views

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...

Exploits: 0 | References: 8

OPENSUSE Linux
added 2020/03/25 12:00 a.m. | 75 views

Security update for skopeo (moderate)

openSUSE Security Update: Security update for skopeo Announcement ID: openSUSE-SU-2020:0377-1 Rating: moderate References: 1159530 1165715 Cross-References: CVE-2019-10214 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available. Descriptio...

CVSS: 6.4 | AI score: 6.6 | EPSS: 0.0041
Exploits: 0 | References: 2

OSV
added 2020/03/24 4:15 p.m. | 1 view

CVE-2019-4553

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00146
Exploits: 0 | References: 2

Prion
added 2020/03/24 4:15 p.m. | 12 views

Code injection

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00146
Exploits: 0 | References: 2 | Affected Software: 1