New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale POS restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant...

PT-2020-16151 · Python +3 · Python-Rsa +3

Name of the Vulnerable Software and Affected Versions: python-rsa affected versions not specified Description: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with...

Insecure RSA Decryption (Bleichenbacher Timing Attack)

rsa is using insecure RSA Decryption and is vulnerable to Bleichenbacher Timing attack. The library provides enough of a timing side channel to mount a Bleichenbacher style attack as it uses timed processing of valid PKCS1 v1.5 ciphertext...

CVE-2020-25658

A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

Nextcloud Server Encryption Issue Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server 18.0.4, which stems from too small a random character set being used for encryption, making decryption tim...

Design/Logic Flaw

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds ...

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

Ubuntu: Security Advisory (USN-4613-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-rsa (EulerOS-SA-2020-2390)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : python-cryptography vulnerability (USN-4613-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4613-1 advisory. Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expo...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-2371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4613-1: python-cryptography vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...

USN-4613-1 python-cryptography vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...

EulerOS 2.0 SP2 : python-rsa (EulerOS-SA-2020-2390)

According to the version of the python-rsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., ...

CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...

Nextcloud Server < 17.0.7, 18.x < 18.0.5 Cryptographic Vulnerability (NC-SA-2020-023)

Nextcloud Server is prone to a cryptographic vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

EulerOS 2.0 SP5 : python-rsa (EulerOS-SA-2020-2267)

According to the version of the python-rsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., ...

Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM

Widevine is a Google-owned DRM system that's in use by many popular streaming services Netflix, Spotify, etc. to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software i.e no hardware TEEs,...

GHSA-2XWP-M7MQ-7Q3R CLI does not correctly implement strict mode

In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the...