Lucene search
K

192 matches found

Qualys Blog
Qualys Blog
added 2019/04/22 8:40 a.m.2044 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC Cipher Block Chaining block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

4.3CVSS6.9AI score0.17139EPSS
Exploits0
OSV
OSV
added 2019/02/22 11:29 p.m.5 views

CVE-2019-6485

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....

5.9CVSS5.8AI score0.02315EPSS
Exploits0References3
OSV
OSV
added 2019/02/21 3:29 a.m.38 views

UBUNTU-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS5.8AI score0.01089EPSS
Exploits0References4
OSV
OSV
added 2019/02/21 3:29 a.m.3 views

DEBIAN-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7AI score0.01089EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/02/21 3:29 a.m.33 views

CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7.1AI score0.01089EPSS
Exploits0References3
Prion
Prion
added 2019/02/18 8:29 p.m.10 views

Code injection

The seadroid aka Seafile Android Client application through 2.2.13 for Android always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

5CVSS7.4AI score0.01444EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/07/28 5:29 p.m.1 views

DEBIAN-CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

4.7CVSS5.1AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2018/07/24 3:29 p.m.5 views

UBUNTU-CVE-2017-3226

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption i.e., setting the configuration parameter CONFIGENVAES=y read environment variables from disk as the encrypte...

6.4CVSS6.6AI score0.00266EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.34 views

Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)

Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by the IBM FlashSystem V840. Vulnerability Details CVE-ID: CVE-2011-3389 DESCRIPTION: Multiple products could allow a remote attacker to obtain...

4.3CVSS0.4AI score0.73327EPSS
Exploits4Affected Software1
OSV
OSV
added 2018/05/16 7:29 p.m.3 views

UBUNTU-CVE-2017-17689

The S/MIME specification allows a Cipher Block Chaining CBC malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...

5.9CVSS6.6AI score0.04219EPSS
Exploits2References6
OSV
OSV
added 2018/05/16 7:29 p.m.16 views

CVE-2017-17689

The S/MIME specification allows a Cipher Block Chaining CBC malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...

5.9CVSS6.5AI score
Exploits0References6
OSV
OSV
added 2018/05/16 7:29 p.m.2 views

DEBIAN-CVE-2017-17689

The S/MIME specification allows a Cipher Block Chaining CBC malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL...

5.9CVSS6.8AI score0.04219EPSS
Exploits2References1
OSV
OSV
added 2017/12/31 2:29 a.m.5 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

7.4CVSS5.7AI score0.00999EPSS
Exploits0References1
Broadcom
Broadcom
added 2017/09/29 12:0 a.m.7 views

BSA-2017-445

Security Advisory ID : BSA-2017-445 Component : DENX Das U-Boot Revision : 3.0: Final Das U-Boot is a devicebootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

6.4CVSS6.3AI score0.00266EPSS
Exploits0
CNVD
CNVD
added 2017/09/06 12:0 a.m.5 views

SimpleSAMLphp CBC Mode Encryption Unauthentication Vulnerability

SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider features . A security vulnerability exists in SimpleSAMLphp 1.14.12 and earlier versions. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack a...

5.9CVSS5.7AI score0.00875EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/08/10 12:0 a.m.5 views

The vulnerability of the mod_session_crypto module in the Apache HTTP Server allows attackers to perform attacks like Padding Oracle.

The vulnerability of the modsessioncrypto module in the Apache HTTP Server is related to encryption algorithm errors. The modsessioncrypto module encrypts its data/cookies using configured encryption algorithms with CBC or ECB modes AES256-CBC by default. Therefore, there is no optional or built-...

5CVSS7.2AI score0.49024EPSS
Exploits4References7
PyPA
PyPA
added 2017/08/09 4:29 p.m.9 views

PYSEC-2017-50

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...

7.5CVSS7AI score0.01497EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/07/27 9:29 p.m.8 views

DEBIAN-CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.6AI score0.49024EPSS
Exploits4References1
OSV
OSV
added 2017/06/30 12:29 p.m.4 views

CVE-2017-10668

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the...

5.9CVSS5.8AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2017/03/03 4:59 p.m.3 views

CVE-2016-6884

TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service out-of-bounds read via a crafted message...

6.5CVSS5.8AI score0.01329EPSS
Exploits0References3
Rows per page
Query Builder