openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plain text or, in some cases,...

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1552, CVE-2019-1563)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions,...

shiro: Cookie padding oracle vulnerability with default configuration

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2020-1313)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : nettle (EulerOS-SA-2020-1313)

According to the version of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5...

Important: openssl

Issue Overview: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a grou...

EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

CVE-2019-12121

The CVE-2019-12121 entry concerns ONAP Portal (Dublin) and describes a padding oracle weakness in the ONAPPORTAL/processSingleSignOn UserId field. Attackers could decrypt information encrypted with the same symmetric key as UserId, affecting all Portal deployments. The connected Red Hat and other...

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

Security Bulletin: OpenSSL publicly disclosed vulnerability

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in...

EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1221)

According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an...

NewStart CGSL MAIN 4.05 : openssl Vulnerability (NS-SA-2020-0019)

The remote NewStart CGSL host, running version MAIN 4.05, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...

Palo Alto Networks PAN-OS 7.1 < 7.1.25 / 8.0 < 8.0.20 / 8.1 < 8.1.8 / 9.0 < 9.0.2 OpenSSL Vulnerability

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: OpenSSL vulnerabilites - CVE-2019-1559, CVE-2018-0734 Linux Kernel vulnerabilites - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an...

Amazon Linux AMI : openssl (ALAS-2020-1344)

The version of openssl installed on the remote host is prior to 1.0.2k-16.151. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1344 advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

Low: openssl

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...