Lucene search

5941 matches found

Tenable Nessus
added 2022/11/13 12:00 a.m. · 40 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-rsa (SUSE-SU-2022:3932-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3932-1 advisory. - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). Tenable ha...

7.5 CVSS · 6.6 AI score · 0.01631 EPSS
Exploits 1 · References 4
OpenVAS
added 2022/11/11 12:00 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2022:3932-1)

The remote host is missing an update for the...

7.5 CVSS · 6.1 AI score · 0.01631 EPSS
Exploits 1 · References 2
Cvelist
added 2022/11/10 5:38 p.m. · 27 views

CVE-2022-20940

A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

5.3 CVSS · 5.8 AI score · 0.00646 EPSS
Exploits 0 · References 1
CVE
added 2022/11/10 5:38 p.m. · 74 views

CVE-2022-20940

Cisco Firepower Threat Defense (FTD) Software is affected by a Bleichenbacher-related information disclosure in the TLS handler and SSL decryption policy implementation. The root cause is improper countermeasures against Bleichenbacher attacks, allowing an unauthenticated remote attacker to poten...

5.3 CVSS · 5.5 AI score · 0.00646 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/11/10 10:55 a.m. · 8 views

SUSE-SU-2022:3932-1 Security update for python-rsa

This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676)...

7.5 CVSS · 7.6 AI score · 0.01631 EPSS
Exploits 1 · References 3
Cisco
added 2022/11/09 4:00 p.m. · 25 views

Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack Vulnerability

A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

5.3 CVSS · 5.5 AI score · 0.00646 EPSS
Exploits 0 · References 1
CNNVD
added 2022/11/09 12:00 a.m. · 2 views

Cisco Firepower Threat Defense Security Vulnerability

Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense (FTD) Software is vulnerable to an information disclosure vulnerability that stems from its TLS handler's implementation of improper...

5.3 CVSS · 6.6 AI score · 0.00646 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/11/09 12:00 a.m. · 2 views

PT-2022-5685 · Cisco · Cisco Ftd

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the TLS handler could allow an unauthenticated, remote attacker to gain access to sensitive information. This issue is due to improper...

5.3 CVSS · 5.2 AI score · 0.00646 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/11/08 11:35 a.m. · 6 views

nodejs: weak randomness in WebCrypto keygen

A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...

9.1 CVSS · 7.3 AI score · 0.0187 EPSS
Exploits 1 · References 6
Metasploit
added 2022/11/02 7:52 p.m. · 471 views

Linux Gather ManageEngine Password Manager Pro Password Extractor

This module gathers the encrypted passwords stored by Password Manager Pro and decrypts them using key materials stored in multiple configuration files. Module Options msf use post/linux/gather/manageenginepasswordmanagercreds msf postmanageenginepasswordmanagercreds show actions ...actions... msf...

6.9 AI score
Exploits 0
NVD
added 2022/11/02 6:15 p.m. · 22 views

CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

9.1 CVSS · 0.00804 EPSS
Exploits 1 · References 2
OSV
added 2022/11/02 6:15 p.m. · 3 views

CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

9.1 CVSS · 5.8 AI score · 0.00804 EPSS
Exploits 1 · References 2
Prion
added 2022/11/02 6:15 p.m. · 19 views

Design/Logic Flaw

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

6.4 CVSS · 9 AI score · 0.00804 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/11/02 5:25 p.m. · 26 views

CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

8.3 CVSS · 9.3 AI score · 0.00804 EPSS
Exploits 1 · References 2
CVE
added 2022/11/02 5:25 p.m. · 57 views

CVE-2022-24936

CVE-2022-24936 is a vulnerability in Silicon Labs Gecko Bootloader’s GBL parser, affecting Gecko Bootloader versions 4.0.1 and earlier. The issue is an out-of-bounds error in the GBL parser that could let an attacker overwrite critical flash keys (Sign key and OTA decryption key) through a malici...

9.1 CVSS · 8.9 AI score · 0.00804 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/11/02 12:00 a.m. · 6 views

PT-2022-16996 · Silicon · Gecko Bootloader

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions 4.0.1 and earlier. Description: The issue is related to an Out-of-Bounds error in the GBL parser, which allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader...

9.1 CVSS · 8.9 AI score · 0.00804 EPSS
Exploits 1 · References 4
RedhatCVE
added 2022/10/26 5:23 p.m. · 29 views

CVE-2020-12801

A vulnerability was found in LibreOffice which exists due to an error when processing encrypted files in LibreOffice. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the passwo...

5 CVSS · 2.2 AI score · 0.01255 EPSS
Exploits 0 · References 5
Cvelist
added 2022/10/24 1:21 p.m. · 14 views

CVE-2022-38117 Juiker app - Hard-coded Credentials

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...

5.5 CVSS · 6.2 AI score · 0.00263 EPSS
Exploits 0 · References 1
Cvelist
added 2022/10/20 5:50 a.m. · 21 views

CVE-2022-27624

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology...

10 CVSS · 10 AI score · 0.01492 EPSS
Exploits 0 · References 1
CVE
added 2022/10/20 5:50 a.m. · 77 views

CVE-2022-27624

CVE-2022-27624 affects Synology DiskStation Manager (DSM) on DS3622xs+, FS3410, and HD6500, with DSM versions before 7.1.1-42962-2. The issue is an out-of-bounds operation in the OOB (Out-of-Band) Management packet decryption that can allow remote attackers to execute arbitrary commands over the ...

10 CVSS · 9.7 AI score · 0.01492 EPSS
Exploits 0 · References 1 · Affected Software 1