Code injection
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
CVE-2019-1563 describes a Bleichenbacher padding oracle vulnerability in OpenSSL. The issue allows an attacker, after sending a large number of ciphertexts for decryption, to recover the CMS/PKCS7 encryption key or decrypt RSA-encrypted data when the attacker can observe decryption success/failur...
OpenSSL Vulnerabilities Oct 2018 - Jul 2019
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL...
CVE-2019-12587
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...
CVE-2019-12587
The CVE-2019-12587 entry concerns the EAP peer implementation in Espressif ESP-IDF 2.0.0–4.0.0 and ESP8266_NONOS_SDK 2.2.0–3.1.0, where a zero PMK can be installed after any EAP authentication, enabling attackers in radio range to replay, decrypt, or spoof frames via a rogue AP. Red Hat and OSV r...
Ransomware Hits Dental Data Backup Service Offering Ransomware Protection
THIS WEEK IN THE IRONIC NEWS: DDS Safe, an online cloud-based data backup system that hundreds of dental practice offices across the United States are using to safeguard medical records and other information of their patients from ransomware attacks has been hit with ransomware. Provided by two...
The vulnerability of the SymCrypt library in the Windows operating system, which allows a hacker to disclose protected information
The vulnerability of the SymCrypt library in the Windows operating system is related to errors in cryptographic transformations. Exploiting this vulnerability can allow an attacker to disclose protected information during the OAEP decryption process...
Invalid Curve Attack in openpgp
Versions of openpgp prior to 4.3.0 are vulnerable to an Invalid Curve Attack. The package's implementation of ECDH fails to verify the validity of the communication partner's public key. The package calculates the resulting key secret based on an altered curve instead of the specified elliptic...
CVE-2019-5592
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...
ECDH Private Key Disclosure
openpgp.js is vulnerable to ECDH Private Key disclosure. The vulnerability exists due to an invalid curve attack resulting from allowing an attacker to forge messages to gain feedback on whether a decryption is successful...
CVE-2019-9155
A cryptographic issue in OpenPGP.js =4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key...
Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors
Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation - This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8 Install pyshark-legacy...
CVE-2019-1171
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected...
Information disclosure
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka 'SymCrypt Information Disclosure Vulnerability'...
CVE-2019-1171
CVE-2019-1171 is an information-disclosure vulnerability in SymCrypt during OAEP decryption. The underlying issue is in OAEP decoding operations, allowing an attacker who can log on to an affected system to obtain information that could aid further compromise. The CVE does not enable code executi...
DEBIAN-CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...
SymCrypt Information Disclosure Vulnerability
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected...
CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...
PT-2019-2998 · Symantec +1 · Symcrypt +1
Name of the Vulnerable Software and Affected Versions: SymCrypt affected versions not specified Description: An information disclosure issue exists in SymCrypt during the OAEP decryption stage, allowing an attacker to obtain information that could be used to further compromise the user's system. ...