Lucene search
K

134 matches found

Tenable Nessus
Tenable Nessus
added 2018/02/15 12:0 a.m.40 views

Ubuntu 14.04 LTS / 16.04 LTS : Erlang vulnerabilities (USN-3571-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3571-1 advisory. It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to...

9.8CVSS7AI score0.22098EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2018/02/14 2:54 p.m.125 views

USN-3571-1: Erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...

9.8CVSS6.7AI score0.22098EPSS
Exploits1
Hacker One
Hacker One
added 2017/11/09 9:44 p.m.121 views

X (Formerly Twitter): POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)

Summary: POODLE SSLv3 bug on multiple twitter smtp servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle...

4.3CVSS5.2AI score0.99999EPSS
Exploits7
Veracode
Veracode
added 2017/04/27 8:29 a.m.10 views

Timing Attack

crypto/elliptic in github.com/golang/go is vulnerable to timing attacks. The TLS protocol implemented does not check MAC addresses in constant time when processing a malformed CBC padding. This is also known as the "Lucky Thirteen" attack...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/04/13 12:0 a.m.305 views

OpenSSH < 7.5

According to its banner, the version of OpenSSH running on the remote host is prior to 7.5. It is, therefore, affected by an information disclosure vulnerability : - An unspecified timing flaw exists in the CBC padding oracle countermeasures, within the ssh and sshd functions, that allows an...

5.6AI score
Exploits0References1
Veracode
Veracode
added 2017/02/10 5:59 a.m.44 views

Timing Attacks

OpenSSL is vulnerable to timing attacks. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2 doesn't check MAC addresses in constant time during the processing of a malformed CBC padding. This is also known as the "Lucky Thirteen" issue...

2.6CVSS6.4AI score0.35584EPSS
Exploits1References57Affected Software1
Veracode
Veracode
added 2017/02/07 12:5 a.m.60 views

Information Disclosure

OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses a nondeterministic CBC padding allowing attackers to perform man-in-the-middle MitM attacks. This is also known as the POODLE issue...

4.3CVSS4.3AI score0.99999EPSS
Exploits7References1057Affected Software1
NVD
NVD
added 2016/09/08 4:59 p.m.19 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

4.3CVSS4AI score0.01647EPSS
Exploits0References4
OSV
OSV
added 2016/09/08 4:59 p.m.4 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

3.7CVSS5.7AI score
Exploits0References4
Prion
Prion
added 2016/09/08 4:59 p.m.16 views

Design/Logic Flaw

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

4.3CVSS6.7AI score0.01647EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/09/08 4:0 p.m.27 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

3.9AI score0.01647EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/08/29 12:0 a.m.1648 views

OpenSSH < 7.3 Multiple Vulnerabilities

According to its banner, the version of OpenSSH running on the remote host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities : - A local privilege escalation when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files from home directories...

7.8CVSS6.9AI score0.88944EPSS
Exploits17References5
Tenable Nessus
Tenable Nessus
added 2016/08/12 12:0 a.m.33 views

OpenSSH 7.x < 7.3 Multiple Vulnerabilities

Binary data 9507.prm...

7.8CVSS7.3AI score0.88944EPSS
Exploits17References4
OSV
OSV
added 2016/04/07 9:59 p.m.2 views

DEBIAN-CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS6.2AI score0.01899EPSS
Exploits0References1
NVD
NVD
added 2016/04/07 9:59 p.m.12 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS4.4AI score0.01899EPSS
Exploits0References8
Prion
Prion
added 2016/04/07 9:59 p.m.21 views

Code injection

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

4.3CVSS4.3AI score0.99999EPSS
Exploits7References8Affected Software3
Debian CVE
Debian CVE
added 2016/04/07 9:0 p.m.70 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS6.5AI score0.01899EPSS
Exploits0
OSV
OSV
added 2016/04/07 12:0 a.m.3 views

UBUNTU-CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS6.6AI score0.01899EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/04/07 12:0 a.m.21 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS6.6AI score0.01899EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/09/11 12:0 a.m.60 views

SUSE SLED11 / SLES11 Security Update : gnutls (SUSE-SU-2015:1526-1) (Logjam)

This security update of gnutls fixes the following issues : - use minimal padding for CBC, the default random length padding causes problems with some servers bsc925499 - added gnutls-useminimalcbcpadding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 - CVE-2015-4000...

4.3CVSS7.2AI score0.9986EPSS
Exploits1References5
Rows per page
Query Builder