Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python rsa vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-13757
Python-RSA prior to 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an malicious user to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects a...
Python-rsa Project Python-rsa
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 14.04
1 Github repository
5.9
CVSSv3
CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Python-rsa Project Python-rsa
Redhat Openstack Platform 16.0
Redhat Openstack Platform 13.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Github repository
5.3
CVSSv3
CVE-2016-1494
The verify function in the RSA package for Python (Python-RSA) prior to 3.3 allows malicious users to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
Python Rsa
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Opensuse Leap 42.1
5 Github repositories
5.9
CVSSv3
CVE-2020-25659
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
Python-cryptography Project Python-cryptography 3.2
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
1 Github repository
7.5
CVSSv3
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote malicious user to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Redhat Ansible Automation Platform 2.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Update Infrastructure 4
Python-cryptography Project Python-cryptography
7.5
CVSSv3
CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng prior to 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code has multip...
Tlslite-ng Project Tlslite-ng
Tlslite-ng Project Tlslite-ng 0.8.0
6 Github repositories
7.5
CVSSv3
CVE-2017-11424
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not a...
Pyjwt Project Pyjwt
Debian Debian Linux 8.0
Debian Debian Linux 9.0
3 Github repositories
7.5
CVSSv3
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
22 Github repositories
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE_2022_21882
OSEP-Notes Initial Access HTA Fileless Initial Access Reverse Shell (AppLocker + CLM + Defender Bypass) Scenario: You can make a user execute your malicious HTA files, but AppLocker, CLM, and Defender block all payloads. To get a fileless reverse shell, one method that worked for...
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started