Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...

EulerOS 2.0 SP2 : nettle (EulerOS-SA-2020-2371)

According to the version of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5...

EulerOS Virtualization 3.0.2.2 : nettle (EulerOS-SA-2020-2206)

According to the version of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-2206)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559)

Summary The OpenSSH and OpenSSL packages are shipped with IBM Security Access Manager Appliances. These vulnerabilities have been fixed. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-2069)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : nettle (EulerOS-SA-2020-2069)

According to the version of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5...

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-4504-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4504-1 advisory. Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie- Hellman ciphersuites in the TLS...

USN-4504-1: OpenSSL vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

USN-4504-1 openssl, openssl1.0 vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

GHSA-5V7R-JG9R-VQ44 Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...

Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...

Security Bulletin: OpenSSL (Publicly disclosed vulnerability) for IBM b-type switches and directors

Summary Fixes are released for OpenSSL Publicly disclosed vulnerability for IBM b-type switches and directors. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group...

CVE-2020-8911

A flaw was found in the AWS S3 Crypto SDK that allows users to encrypt files stored in S3 buckets with AES-CBC, without computing a MAC on the data. This allows for a padding oracle, enabling attackers with both write access to the target S3 bucket and the ability to observe the result of valid...

CVE-2020-8911

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

CVE-2020-8911

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

Design/Logic Flaw

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

CVE-2020-8911

CVE-2020-8911 describes a padding oracle in the AWS S3 Crypto SDK for Go (older GoLang S3 encryption client). The vulnerability arises because AES-CBC encryption was used without a MAC, enabling an attacker with write access to the target S3 bucket to observe decryption outcomes and reconstruct p...

CVE-2020-8911 CBC padding oracle in AWS S3 Crypto SDK for GoLang

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

PT-2020-20364 · Amazon Web Services · Aws S3 Crypto Sdk For Golang

Name of the Vulnerable Software and Affected Versions: AWS S3 Crypto SDK for GoLang versions prior to V2 Description: A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang, allowing an attacker with write access to the target's S3 bucket and the ability to observe decryption...