134 matches found
Ubuntu 14.04 LTS / 16.04 LTS : Erlang vulnerabilities (USN-3571-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3571-1 advisory. It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to...
USN-3571-1: Erlang vulnerabilities
It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...
X (Formerly Twitter): POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
Summary: POODLE SSLv3 bug on multiple twitter smtp servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle...
Timing Attack
crypto/elliptic in github.com/golang/go is vulnerable to timing attacks. The TLS protocol implemented does not check MAC addresses in constant time when processing a malformed CBC padding. This is also known as the "Lucky Thirteen" attack...
OpenSSH < 7.5
According to its banner, the version of OpenSSH running on the remote host is prior to 7.5. It is, therefore, affected by an information disclosure vulnerability : - An unspecified timing flaw exists in the CBC padding oracle countermeasures, within the ssh and sshd functions, that allows an...
Timing Attacks
OpenSSL is vulnerable to timing attacks. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2 doesn't check MAC addresses in constant time during the processing of a malformed CBC padding. This is also known as the "Lucky Thirteen" issue...
Information Disclosure
OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses a nondeterministic CBC padding allowing attackers to perform man-in-the-middle MitM attacks. This is also known as the POODLE issue...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
Design/Logic Flaw
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
OpenSSH < 7.3 Multiple Vulnerabilities
According to its banner, the version of OpenSSH running on the remote host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities : - A local privilege escalation when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files from home directories...
OpenSSH 7.x < 7.3 Multiple Vulnerabilities
Binary data 9507.prm...
DEBIAN-CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
Code injection
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
UBUNTU-CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
SUSE SLED11 / SLES11 Security Update : gnutls (SUSE-SU-2015:1526-1) (Logjam)
This security update of gnutls fixes the following issues : - use minimal padding for CBC, the default random length padding causes problems with some servers bsc925499 - added gnutls-useminimalcbcpadding.patch - use the default DH minimum for gnutls-cli instead of hardcoding 512 - CVE-2015-4000...