Lucene search
K

459 matches found

RedHat Linux
RedHat Linux
added 2012/09/24 3:55 p.m.3 views

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8CVSS7.4AI score0.28154EPSS
Exploits0References5
NVD
NVD
added 2012/08/26 9:55 p.m.20 views

CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

4.3CVSS5.8AI score0.01667EPSS
Exploits0References6
PyPA
PyPA
added 2012/08/26 9:55 p.m.6 views

PYSEC-2012-13

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

4.3CVSS6.4AI score0.01667EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2012/08/26 9:55 p.m.7 views

UBUNTU-CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

4.3CVSS5.8AI score0.01667EPSS
Exploits0References4
OSV
OSV
added 2012/08/26 9:55 p.m.13 views

PYSEC-2012-13

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

4.3CVSS4.3AI score0.01667EPSS
Exploits0References7
Cvelist
Cvelist
added 2012/08/26 9:0 p.m.26 views

CVE-2012-2146

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

5.7AI score0.01667EPSS
Exploits0References6
CVE
CVE
added 2012/08/26 9:0 p.m.46 views

CVE-2012-2146

CVE-2012-2146 affects Elixir up to at least 0.8.0, where Blowfish in CFB mode is used without a unique initialization vector (IV). This weak IV construction can enable context-dependent users to obtain sensitive information and potentially decrypt the database. The connected documents confirm the...

4.3CVSS5.8AI score0.01667EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2012/08/26 9:0 p.m.22 views

CVE-2012-2146

Removed by vendor...

4.3CVSS6.7AI score0.01667EPSS
Exploits0
FreeBSD
FreeBSD
added 2012/08/26 12:0 a.m.16 views

py39-Elixir -- weak use of cryptography

Red Hat Security Response Team reports: Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...

4.3CVSS5.7AI score0.01667EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/01/10 12:0 a.m.95 views

MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

The remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector IV is selected when operating in cipher-block chaining CBC modes. A man-in-the-middle attacker can exploit this to obtain...

4.3CVSS6.8AI score0.73327EPSS
Exploits4References4
OSV
OSV
added 2010/09/17 6:0 p.m.2 views

DEBIAN-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

5CVSS6.1AI score0.02063EPSS
Exploits0References1
OSV
OSV
added 2010/09/17 6:0 p.m.3 views

UBUNTU-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

5CVSS5.8AI score0.02063EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.51 views

SuSE9 Security Update : PHP4 (YOU Patch Number 11666)

This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector IV in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

5CVSS6.5AI score0.07919EPSS
Exploits2References14
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.11 views

Gentoo Security Advisory GLSA 200603-15 (crypt-cbc)

The remote host is missing updates announced in advisory GLSA 200603-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.6CVSS6.7AI score0.01397EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2008/05/07 7:28 a.m.6 views

IPSec ESP kernel panics

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service crash via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...

7.1CVSS5.8AI score0.02452EPSS
Exploits1References4
NVD
NVD
added 2008/02/05 3:0 a.m.25 views

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

2.1CVSS6.2AI score0.00301EPSS
Exploits0References4
Prion
Prion
added 2008/02/05 3:0 a.m.17 views

Default credentials

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

2.1CVSS6.7AI score0.00301EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2008/02/05 2:0 a.m.24 views

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

6.2AI score0.00301EPSS
Exploits0References4
CVE
CVE
added 2008/02/05 2:0 a.m.49 views

CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

2.1CVSS6.2AI score0.00301EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.33 views

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

5CVSS6.5AI score0.07919EPSS
Exploits2References18
Rows per page
Query Builder