Lucene search
K

673 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 1:14 a.m.28 views

Security Bulletin: Sterling Connect:Enterprise For UNIX and Sterling Connect:Enterprise clients are affected by the POODLE and OpenSSL vulnerabilities (CVE-2014-3566, CVE-2014-3567)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Sterling Connect:Enterprise For UNIX, Sterling Connect:Enterprise Command Line Client, Sterling Connect:Enterprise HTTP Option, and Sterling...

7.1CVSS0.3AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/17 10:47 p.m.36 views

Security Bulletin: Vulnerability in SSLv3 affects Sterling Control Center (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Sterling Control Center Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

4.3CVSS0.2AI score0.99999EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/12/04 12:0 a.m.268 views

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...

7.5CVSS7.6AI score0.99999EPSS
Exploits17References19
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.47 views

Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud integration

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud integration and has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary...

10CVSS1AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:50 a.m.26 views

Security Bulletin: TLS padding vulnerability affects IBM PureData System for Operational Analytics (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM PureData System for Operational Analytics. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain...

4.3CVSS0.5AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.28 views

Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Netezza Performance Portal. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information...

4.3CVSS0.4AI score0.1372EPSS
Exploits0Affected Software1
CVE
CVE
added 2019/08/23 7:52 p.m.129 views

CVE-2019-5592

CVE-2019-5592 describes padding oracle vulnerabilities in FortiOS SSL Deep Inspection with CBC padding in the FortiOS IPS engine. Affected FortiGate/FortiOS IPS versions (5.000–5.006, 4.000–4.036, 4.200–4.219, and 3.547 and below) configured with SSL Deep Inspection policies and the IPS sensor en...

5.9CVSS5.7AI score0.00706EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2019/08/23 7:52 p.m.13 views

CVE-2019-5592

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

6.9AI score0.00706EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/10 2:33 p.m.16 views

Security Bulletin: Vulnerability in SSLv3 affects ITCAM for APPLICATION DIAGNOSTICS Agent for HTTP Servers (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in ITCAM for APPLICATION DIAGNOSTICS Agent for HTTP Servers Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...

4.3CVSS1.8AI score0.99999EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.25 views

Oracle Java SE 5 < Update 81 / 6 < Update 91 / 7 < Update 75 / 8 < Update 31 Multiple Vulnerabilities (January 2015 CPU) (POODLE)

Binary data 700649.prm...

10CVSS5.3AI score0.99999EPSS
Exploits12References27
Qualys Blog
Qualys Blog
added 2019/04/22 8:40 a.m.2045 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC Cipher Block Chaining block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

4.3CVSS6.9AI score0.17139EPSS
Exploits0
Hacker One
Hacker One
added 2019/03/24 6:26 a.m.48 views

MariaDB: smtp service vulnerable to POODLE SSLv3

One of our package servers had an old smtpd service linked with openssl 1.0.1i, which uses nondeterministic CBC padding, making it easy for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. The service has been disabled for the internet, as ...

4.3CVSS5.3AI score0.99999EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/05 12:59 p.m.43 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Personal Communications v6.0.x (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Personal Communications v6.0.x Vulnerability Details CVE-ID: CVE-2014-3566 Description: Product could allow a remote attacker to obtain...

4.3CVSS1.5AI score0.99999EPSS
Exploits7Affected Software1
Prion
Prion
added 2019/02/26 3:29 p.m.21 views

Code injection

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

4.3CVSS5.6AI score0.00653EPSS
Exploits0References1Affected Software12
NVD
NVD
added 2019/02/26 3:29 p.m.26 views

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

5.9CVSS5.5AI score0.00653EPSS
Exploits0References1
CVE
CVE
added 2019/02/26 3:0 p.m.82 views

CVE-2019-6593

CVE-2019-6593 affects BIG-IP TMM TLS/Client SSL CBC-mode sessions on versions 11.5.1–11.5.4, 11.6.1 and 12.1.0, enabling plaintext recovery via a chosen-ciphertext MITM without server private-key access. F5 advisory K10065173 documents affected branches: 12.x vulnerable in 12.1.0 with fixes in 12...

5.9CVSS4.5AI score0.00653EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/02/26 12:0 a.m.77 views

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...

5.9CVSS6.5AI score0.00653EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:10 a.m.33 views

Security Bulletin: Vulnerabilities in SSLv3 affect IBM Flex System Manager (FSM) and compatible IBM Systems Director agents (CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack and other vulnerabilities. SSLv3 is enabled in IBM FSM and compatible IBM Systems Director agents. Vulnerability Details Summary SSLv3 contains a vulnerability that...

7.1CVSS1.3AI score0.99999EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:10 a.m.41 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.6 and 1.7 that is used by IBM Flex System Manager FSM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were...

10CVSS1AI score0.99999EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:55 a.m.24 views

Security Bulletin: Vulnerability in SSLv3 affects affects IBM Global Console Manager (GCM) and Local Console Manager (LCM) Switches (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Global Console Manager GCM and Local Console Manager LCM Switches. Vulnerability Details Summary SSLv3 contains a vulnerability that has be...

4.3CVSS0.9AI score0.99999EPSS
Exploits7
Rows per page
Query Builder