Exponent CMS 2.6 - Multiple Vulnerabilities

Exploit Title: Exponent CMS 2.6 - Multiple Vulnerabilities Exploit Author: heinjame Exploit Author: picaroo Vendor Homepage: https://www.exponentcms.org/ Version: http://127.0.0.1:8082/expcms/text/edit/id/id/src/@footer Title, Text Block Payload = " Database credential are disclosed in response P...

Exponent CMS 2.6 - Multiple Vulnerabilities

Exploit Title: Exponent CMS 2.6 - Multiple Vulnerabilities Exploit Author: heinjame Date: 22/10/2021 Exploit Author: picaroo Vendor Homepage: https://www.exponentcms.org/ Version: http://127.0.0.1:8082/expcms/text/edit/id/id/src/@footer Title, Text Block Payload = " Database credential are...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2661)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows...

libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm

A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality...

RLSA-2021:4409 Moderate: libgcrypt security and bug fix update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm CVE-2021-33560 For more details about the security issue...

[SECURITY] Fedora 34 Update: python-mpmath-1.2.1-2.fc34

Mpmath is a pure-Python library for multiprecision floating-point arithmetic. It provides an extensive set of transcendental functions, unlimited exponent sizes, complex numbers, interval arithmetic, numerical integration and differentiation, root-finding, linear algebra, and much more. Almost an...

Crypto++ 加密问题漏洞

Crypto++ is a C++ cryptographic method library A security vulnerability exists in Crypto++ 8.5 and earlier versions, which stems from the fact that a certain dangerous combination of a prime number defined by the receiver's public key, a generator defined by the receiver's public key, and a...

Uncontrolled Resource Consumption in parse_duration

An issue was discovered in the parseduration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service CPU and memory consumption via a duration string with a large exponent...

GHSA-QPGV-G792-WH6X Uncontrolled Resource Consumption in parse_duration

An issue was discovered in the parseduration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service CPU and memory consumption via a duration string with a large exponent...

Design/Logic Flaw

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method...

OPENSUSE-SU-2021:2157-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding bsc1187212...

多款Qualcomm芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. The Qualcomm chip suffers from a buffer error vulnerability that stems...

SUSE-SU-2021:2157-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding bsc1187212...

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm and the window size is not chosen appropriately. This for example affects use of ElGamal in OpenPGP.

...

ALPINE-CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

DEBIAN-CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

UBUNTU-CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

CVE-2021-33560

CVE-2021-33560 affects Libgcrypt 1.8.x (before 1.8.8) and 1.9.x (before 1.9.3). The issue is a mishandling of ElGamal due to lack of exponent blinding in mpi_powm and improper window size, enabling side-channel leakage in OpenPGP scenarios. Affected products include environments using libgcrypt w...

Denial Of Service (DoS)

go is vulnerable to denial of service. The vulnerability exists due to the SetString and UnmarshalText methods of math/big.Rat may cause the system to hang if it is passed with a very large exponent input...