56 matches found
LibreOffice 安全特征问题漏洞
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...
Apache Doris 信任管理问题漏洞
Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...
The vulnerability of the AES GCM encryption function of the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc allows a perpetrator to access confidential data.
The vulnerability of the AES GCM module’s authentication and authorization function for the Apache 2.x HTTP server Modauthopenidc is related to the use of static IVs and AADs. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
mod_auth_openidc 安全特征问题漏洞
modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in Zmartzone modauthopenidc that stems from...
DoraCMS 加密问题漏洞
DoraCMS is based on Nodejs+eggjs+mongodb written a content management system . An encryption issue vulnerability exists in DoraCMS 2.1.1 and earlier versions. The vulnerability arises because the program does not use AES-CBC encryption with random salts or IVs, which makes user-encrypted password...
Impero Education Pro is vulnerable
Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. Impero Education Pro versions prior to 5105 have a security vulnerability. Since the program uses hard-coded CBC...
Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)
The remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained...
FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)
Matthias Andree reports : Fetchmail version 6.3.9 enabled 'all SSL workarounds' SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
CVE-2011-3389
CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
DEBIAN-CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Design/Logic Flaw
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...