Lucene search

5879 matches found

OSV
added 2024/01/19 3:6 p.m. | 464 views

GHSA-RH63-9QCF-83GF Marvin Attack of RSA and RSAOAEP decryption in jsrsasign

Impact: RSA PKCS1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability. Patches: update to jsrsasign 11.0.0. Workarounds: Find and replace RSA and RSAOAEP decryption with other crypto library. References: https://people.redhat.com/hkario/marvin/...

CVSS 7.5 | AI score 6.4 | EPSS 0.0024
Exploits 1 | References 10

Github Security Blog
added 2024/01/19 3:6 p.m. | 548 views

Marvin Attack of RSA and RSAOAEP decryption in jsrsasign

Impact: RSA PKCS1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability. Patches: update to jsrsasign 11.0.0. Workarounds: Find and replace RSA and RSAOAEP decryption with other crypto library. References: https://people.redhat.com/hkario/marvin/...

CVSS 7.5 | AI score 7.1 | EPSS 0.0024
Exploits 1 | References 10 | Affected Software 1

Gentoo Linux
added 2024/01/16 12:0 a.m. | 29 views

Nettle: Denial of Service

Background: Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Description: Multiple vulnerabilities have been...

CVSS 9.8 | AI score 8.4 | EPSS 0.00133
Exploits 0

Tenable Nessus
added 2024/01/16 12:0 a.m. | 26 views

GLSA-202401-24 : Nettle: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202401-24 Nettle: Denial of Service - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application...

CVSS 9.8 | AI score 6.3 | EPSS 0.00133
Exploits 0 | References 5

Tenable Nessus
added 2024/01/16 12:0 a.m. | 44 views

EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2023-3047)

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a...

CVSS 7.5 | AI score 7.4 | EPSS 0.91012
Exploits 0 | References 10

Tenable Nessus
added 2024/01/16 12:0 a.m. | 28 views

EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2023-3111)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req...

CVSS 6.5 | AI score 6.8 | EPSS 0.00026
Exploits 0 | References 2

CNVD
added 2024/01/13 12:0 a.m. | 27 views

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-09027)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

AI score 7.3
Exploits 0

Rockylinux
added 2024/01/12 7:57 p.m. | 24 views

nss security update

An update is available for nss. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00245
Exploits 0

NVD
added 2024/01/12 3:15 p.m. | 14 views

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

CVSS 7.5 | AI score 7.5 | EPSS 0.00082
Exploits 0 | References 2

OSV
added 2024/01/12 3:15 p.m. | 3 views

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

CVSS 7.5 | AI score 5.8 | EPSS 0.00082
Exploits 0 | References 2

Prion
added 2024/01/12 3:15 p.m. | 11 views

Authorization

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

CVSS 5 | AI score 7.2 | EPSS 0.00082
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/01/12 2:24 p.m. | 2 views

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

AI score 7.5 | EPSS 0.00082
Exploits 0 | References 2

CVE
added 2024/01/12 2:24 p.m. | 35 views

CVE-2023-49256

CVE-2023-49256 allows unauthenticated retrieval of a device’s configuration backup and decryption of passwords, using a hardcoded static key. Red Hat’s linked entries reiterate the issue and describe the root cause as hardcoded credentials embedded in the device, enabling confidentiality impact (...

CVSS 7.5 | AI score 7.5 | EPSS 0.00082
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/01/12 11:6 a.m. | 2 views

OESA-2024-1042 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3 | AI score 7.1 | EPSS 0.00363
Exploits 0 | References 2

OSV
added 2024/01/12 11:6 a.m. | 4 views

OESA-2024-1043 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3 | AI score 7.1 | EPSS 0.00363
Exploits 0 | References 2

Tenable Nessus
added 2024/01/12 12:0 a.m. | 153 views

PyCryptodome < 3.19.1 Side Channel Leak

The version of PyCryptodome installed on the remote host is prior to 3.19.1. It is, therefore, affected by a vulnerability. - A side-channel leakage with OAEP decryption could be exploited to carry out a Manger attack. CVE-2023-52323 Note that Nessus has not tested for this issue but has instead...

CVSS 5.9 | AI score 6.9 | EPSS 0.00074
Exploits 0 | References 2

Malwarebytes
added 2024/01/11 4:39 p.m. | 18 views

Ransomware review: January 2024

This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

AI score 7.1
Exploits 0

The Hacker News
added 2024/01/10 10:31 a.m. | 33 views

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest...

AI score 7.3
Exploits 0

RedHat Linux
added 2024/01/10 8:40 a.m. | 48 views

Moderate: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 6.5 | AI score 6.9 | EPSS 0.00245
Exploits 0 | References 2

RedHat Linux
added 2024/01/10 8:40 a.m. | 0 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

CVSS 6.5 | AI score 7.1 | EPSS 0.00245
Exploits 0 | References 6