python-rsa: decryption of ciphertext leads to DoS

A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. The highe...

CVE-2020-13757

A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. The highe...

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to...

Bit-Flipping Attack

Amendment This was deemed not a vulnerability. Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Bit-Flipping Attack via the ciphertext function. AES-256-CBC, the construct used in parsel.rb, has no integrity check i.e., the...

EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...

EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-1979)

According to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of...

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

Weak Authentication

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

Code injection

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

CVE-2019-6593

CVE-2019-6593 affects BIG-IP TMM TLS/Client SSL CBC-mode sessions on versions 11.5.1–11.5.4, 11.6.1 and 12.1.0, enabling plaintext recovery via a chosen-ciphertext MITM without server private-key access. F5 advisory K10065173 documents affected branches: 12.x vulnerable in 12.1.0 with fixes in 12...

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...

CentOS 7 : thunderbird (CESA-2018:1725)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3660-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3660-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

RHEL 6 : thunderbird (RHSA-2018:1726)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1726 advisory. - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Use-after-free with SVG animations and clip...

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...