Lucene search

5936 matches found

CNNVD
added 2024/02/20 12:00 a.m. | 4 views

Yealink Config Encrypt Tool Security Vulnerability

YeaLink Yealink Config Encrypt Tool is a configuration encryption tool from China YeaLink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from a possible decryption risk when encrypting Autop deployment files with a default key...

CVSS 7.5 | AI score 6.7 | EPSS 0.00444
Exploits 0 | References 3

Cvelist
added 2024/02/19 12:00 a.m. | 15 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

AI score 6.8 | EPSS 0.00444
Exploits 0 | References 1

Vulnrichment
added 2024/02/19 12:00 a.m. | 18 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

AI score 7 | EPSS 0.00444
Exploits 0 | References 1

SUSE CVE
added 2024/02/17 3:22 a.m. | 2 views

SUSE CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a privat...

CVSS 6.8 | AI score 8.2 | EPSS 0.01302
Exploits 0 | References 11

RedhatCVE
added 2024/02/16 5:21 p.m. | 72 views

CVE-2023-46809

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

CVSS 5.9 | AI score 7.3 | EPSS 0.01302
Exploits 0 | References 3

CNNVD
added 2024/02/16 12:00 a.m. | 2 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from a timing difference between the decryption of valid and invalid ciphers, which could allow a remote attacker to decrypt captured RSA ciphers or forge signatures...

CVSS 7.4 | AI score 7 | EPSS 0.01302
Exploits 0 | References 4

OSV
added 2024/02/15 8:38 p.m. | 8 views

CLSA-2024-1708029490 gnutls: Fix of 3 CVEs

Add CVE-2024-0567 PoC test - Remove src.rpm from sources - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack - CVE-2024-0553: minimize branching after decryption...

CVSS 7.5 | AI score 6.8 | EPSS 0.01614
Exploits 2 | References 1

OSV
added 2024/02/15 8:33 p.m. | 3 views

CLSA-2024-1708029216 gnutls: Fix of 3 CVEs

Add CVE-2024-0567 PoC test - Remove src.rpm from sources - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack - CVE-2024-0553: minimize branching after decryption...

CVSS 7.5 | AI score 6.8 | EPSS 0.01614
Exploits 2 | References 1

SUSE CVE
added 2024/02/13 3:55 a.m. | 1 views

SUSE CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

CVSS 7.5 | AI score 6.6 | EPSS 0.00855
Exploits 0 | References 5

ICS
added 2024/02/13 12:00 a.m. | 67 views

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 | AI score 10 | EPSS 0.20444
Exploits 0 | References 12

OSV
added 2024/02/12 6:15 p.m. | 4 views

CVE-2022-34310

IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 3

CVE
added 2024/02/12 5:46 p.m. | 3970 views

CVE-2022-34310

The CVE-2022-34310 issue affects IBM CICS TX Standard and Advanced 11.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Public documents confirm affected products and versions (IBM CICS TX Standard and IBM CICS TX Advanced, 11....

CVSS 7.5 | AI score 5.5 | EPSS 0.00486
Exploits 0 | References 3 | Affected Software 1

The Hacker News
added 2024/02/12 1:12 p.m. | 34 views

Rhysida Ransomware Cracked, Free Decryption Tool Released

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and...

AI score 6.9
Exploits 0

CNNVD
added 2024/02/12 12:00 a.m. | 6 views

IBM CICS TX Standard Cryptographic Issue Vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard has a cryptographic issue vulnerability that stems from the use ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00486
Exploits 0 | References 4

Positive Technologies
added 2024/02/12 12:00 a.m. | 4 views

PT-2024-2706

Name of the Vulnerable Software and Affected Versions: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched Description: The issue is related to the use of hidden side channels in the PrivateDecrypt function of th...

CVSS 9.8 | AI score 7.6 | EPSS 0.87211
Exploits 4 | References 204

ATTACKERKB
added 2024/02/11 5:15 a.m. | 2 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

CVSS 7.5 | AI score 7.3 | EPSS 0.00814
Exploits 0 | References 4

Tenable Nessus
added 2024/02/11 12:00 a.m. | 39 views

IBM Java 8.0 < 8.0.8.20

The version of IBM Java installed on the remote host is prior to 8.0 8.0.8.20. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update February 2024 advisory. - IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based...

CVSS 7.5 | AI score 7 | EPSS 0.00855
Exploits 0 | References 3

Prion
added 2024/02/10 3:15 p.m. | 16 views

Design/Logic Flaw

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222...

CVSS 5 | AI score 6.5 | EPSS 0.00323
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2024/02/09 11:45 p.m. | 3 views

Observable Discrepancy

Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the implementation of the SP Math All RSA when built with specific configuration options. An attacker can decrypt ciphertexts and forge signatures after probing with a large number of test observations...

CVSS 5.9 | AI score 6.8 | EPSS 0.00539
Exploits 0 | References 2

OSV
added 2024/02/09 11:15 p.m. | 1 views

DEBIAN-CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is n...

CVSS 5.9 | AI score 5.8 | EPSS 0.00539
Exploits 0 | References 1