Lucene search
K

307 matches found

RedHat Linux
RedHat Linux
added 2016/05/09 9:28 a.m.5 views

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

5.9CVSS6.9AI score0.89058EPSS
Exploits6References5
OSV
OSV
added 2016/05/05 1:59 a.m.1 views

DEBIAN-CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9CVSS9AI score0.89058EPSS
Exploits6References1
CNVD
CNVD
added 2016/05/04 12:0 a.m.5 views

OpenSSL Cipher Stuffing Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. OpenSSL suffers fr...

5.9CVSS7.4AI score0.89058EPSS
Exploits6References1
CNVD
CNVD
added 2015/11/26 12:0 a.m.5 views

SAP Manufacturing Integration and Intelligence Encryption Downgrade Vulnerability

SAP Manufacturing Integration and Intelligence also known as MII, formerly known as xMII is a set of Germany's SAP SAP will be the core of the manufacturing system and enterprise process integration platform. The platform provides for enterprises to freely create a blend of manufacturing executio...

5CVSS6.9AI score0.00968EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2015/10/30 10:28 a.m.22 views

CVE-2005-1797

The design of Advanced Encryption Standard AES, aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations...

5.1CVSS7.3AI score0.0074EPSS
Exploits0References2
CNVD
CNVD
added 2015/06/10 12:0 a.m.1 views

Kankun Smart Socket Device and Mobile Application Local Security Bypass Vulnerability

Kankun Smart Socket device is a wireless smart socket. mobile application is a mobile application for wireless smart socket. The Kankun Smart Socket device and mobile application use hard-coded AES 256-bit keys, which allow remote attackers to sniff the network, obtain sensitive information or...

6.8CVSS6.7AI score0.02364EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2015/05/12 3:43 p.m.6 views

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...

9.3CVSS6.8AI score0.10108EPSS
Exploits0References4
CNVD
CNVD
added 2015/04/26 12:0 a.m.2 views

Linux kernel AESNI buffer overflow vulnerability

Linux kernel is an open source operating system. A buffer overflow vulnerability exists in the 'driverrfc4106decrypt' function in the Linux kernel /arch/x86/crypto/aesni-intelglue.c file, which allows a local attacker to exploit the vulnerability by sending specially crafted IPSec packets to cras...

9.3CVSS6.8AI score0.10108EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.46 views

RHEL 5 : JBoss Enterprise Web Platform 5.2.0 update (Important) (RHSA-2013:0196)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0196 advisory. An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduc...

10CVSS8.4AI score0.15561EPSS
Exploits7References32
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.62 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS7.8AI score0.15561EPSS
Exploits7References30
The Hacker News
The Hacker News
added 2014/10/14 11:44 p.m.12 views

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer SSL 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2014/05/28 6:25 a.m.28 views

Beware Of Fake 'HeartBleed Bug Remover Tool', Hijacks System with Malware

I am considering that you all must have read my last article on OpenSSL Heartbleed, a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server’s memory, potentially revealing users data, that the server did not...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/04/28 4:43 p.m.7 views

cumin: weak password hashing

Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...

5CVSS5.8AI score0.01148EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2014/01/10 3:24 a.m.24 views

Hackers behind TARGET data breach looking for Pro-cracker to decrypt Credit card PINs

I think you haven’t forgotten the massive data breach occurred at TARGET, the third-largest U.S. Retailer during last Christmas Holidays. People shop during Black Friday sales in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the...

6.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/02/20 9:33 p.m.8 views

jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key

A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...

5.9CVSS6.5AI score0.01756EPSS
Exploits0References5
OSV
OSV
added 2013/02/08 7:55 p.m.1 views

DEBIAN-CVE-2012-2686

crypto/evp/eaescbchmacsha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service application crash via crafted CBC data...

5CVSS9.1AI score0.39593EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2013/01/24 6:31 p.m.6 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common...

10CVSS7.7AI score0.15561EPSS
Exploits7References17
OSV
OSV
added 2012/09/15 5:55 p.m.3 views

UBUNTU-CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS5.8AI score0.02447EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2012/06/27 3:44 p.m.6 views

crypt(): DES encrypted password weakness

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

4.3CVSS7.4AI score0.05734EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/06/25 6:5 p.m.5 views

crypt(): DES encrypted password weakness

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

4.3CVSS7.3AI score0.05734EPSS
Exploits0References4
Rows per page
Query Builder