5938 matches found

Prion
added 2024/01/05 4:15 a.m. · 30 views

Crlf injection

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

CVSS 2.6 · AI score 7 · EPSS 0.00618
Exploits: 0 · References: 2 · Affected Software: 2

OSV
added 2024/01/05 4:15 a.m. · 1 view

UBUNTU-CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

CVSS 5.9 · AI score 6.6 · EPSS 0.00618
Exploits: 0 · References: 5

Cvelist
added 2024/01/05 12:0 a.m. · 22 views

CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

AI score 6.2 · EPSS 0.00618
Exploits: 0 · References: 2

CNNVD
added 2024/01/05 12:0 a.m. · 2 views

PyCryptodome Security Vulnerabilities

PyCryptodome is a standalone Python low-level cryptographic primitive package from the individual developer Helder Eijs. A security vulnerability exists in PyCryptodome versions prior to 3.19.1, which stems from a side-channel leak in OAEP decryption...

CVSS 5.9 · AI score 6.7 · EPSS 0.00618
Exploits: 0 · References: 4

UbuntuCve
added 2024/01/05 12:0 a.m. · 60 views

CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

CVSS 5.9 · AI score 6.5 · EPSS 0.00618
Exploits: 0 · References: 4

CVE
added 2024/01/05 12:0 a.m. · 389 views

CVE-2023-52323

Summary of CVE-2023-52323 (CVE entry with concrete details): The IBM bulletin notes that PyCryptodome and pycryptodomex prior to 3.19.1 allow side-channel leakage during OAEP decryption, enabling a Manger attack scenario. In the connected IBM Storage Defender Sentinel Anomaly Scan Engine advisor...

CVSS 5.9 · AI score 5.8 · EPSS 0.00618
Exploits: 0 · References: 2 · Affected Software: 2

Vulnrichment
added 2024/01/05 12:0 a.m. · 2 views

CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

AI score 5.8 · EPSS 0.00618
Exploits: 0 · References: 2

Debian CVE
added 2024/01/05 12:0 a.m. · 38 views

CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

CVSS 5.9 · AI score 6.2 · EPSS 0.00618
Exploits: 0

Positive Technologies
added 2024/01/04 12:0 a.m. · 7 views

PT-2024-1077 · Pypi +9 · Pycryptodome +9

Name of the Vulnerable Software and Affected Versions: PyCryptodome and pycryptodomex versions prior to 3.19.1. Description: The issue is related to side-channel leakage for OAEP decryption, which can be exploited for a Manger attack. This allows a remote attacker to gain unauthorized access to...

CVSS 7.1 · AI score 6.8 · EPSS 0.00892
Exploits: 0 · References: 75

Kitploit
added 2024/01/03 11:30 a.m. · 34 views

RansomwareSim - A Simulated Ransomware

Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...

AI score 7.2
Exploits: 0 · References: 3

NVD
added 2024/01/03 2:15 a.m. · 11 views

CVE-2023-50350

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information...

CVSS 8.2 · AI score 8.2 · EPSS 0.00154
Exploits: 0 · References: 1

CNNVD
added 2024/01/03 12:0 a.m. · 3 views

HCL Technologies DRYiCE MyXalytics Encryption Issue Vulnerability

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from being affected by encryption using a corrupted encryption algorithm, which could allow an attacker to...

CVSS 8.2 · AI score 6.7 · EPSS 0.00154
Exploits: 0 · References: 2

Tenable Nessus
added 2024/01/03 12:0 a.m. · 51 views

Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6564-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6564-1 advisory. Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...

CVSS 7.5 · AI score 7.5 · EPSS 0.59501
Exploits: 0 · References: 6

Malwarebytes
added 2024/01/02 5:57 p.m. · 30 views

Oops! Black Basta ransomware flubs encryption

Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Bast...

AI score 7.1
Exploits: 0

Positive Technologies
added 2024/01/02 12:0 a.m. · 4 views

PT-2024-13920 · Hcl · Hcl Dryice Myxalytics

Name of the Vulnerable Software and Affected Versions: HCL DRYiCE MyXalytics (affected versions not specified). Description: The issue is related to the use of a broken cryptographic algorithm for encryption in HCL DRYiCE MyXalytics, which could allow an attacker to decrypt sensitive information...

CVSS 8.2 · AI score 7.3 · EPSS 0.00154
Exploits: 0 · References: 7

OSV
added 2023/12/27 9:15 p.m. · 1 view

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

CVSS 6.3 · AI score 5.8 · EPSS 0.00119
Exploits: 1 · References: 1

ATTACKERKB
added 2023/12/27 9:15 p.m. · 2 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

CVSS 6.3 · AI score 5.9 · EPSS 0.00119
Exploits: 1 · References: 2

Tenable Nessus
added 2023/12/22 12:0 a.m. · 12 views

SUSE SLES15: gnutls / libgnutls-devel / libgnutls30 / libgnutls30-32bit / etc (SUSE-SU-2023:4952-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4952-1 advisory.
- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange bsc1208143.
- CVE-2023-5981: Fixed timing side-channel...

CVSS 7.4 · AI score 6.8 · EPSS 0.01403
Exploits: 1 · References: 7

Krebs on Security
added 2023/12/19 10:49 p.m. · 20 views

BlackCat Ransomware Raises Ante After FBI Disruption

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that hundreds of victim...

AI score 7.3
Exploits: 0

The Hacker News
added 2023/12/19 3:52 p.m. · 101 views

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigati...

AI score 6.9
Exploits: 0