CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

openssl: 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

openssl: 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

Padding Oracle Attack

Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...

Amazon Linux 2 : openssl (ALAS-2019-1362)

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

DEBIAN-CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

Buffer overflow

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVE-2010-3299

CVE-2010-3299 : The initial description indicates a padding oracle vulnerability in the encrypt/decrypt functions of Ruby on Rails 2.3. Connected documentation confirms this CVE and reiterates the padding oracle issue but does not provide specifics on affected versions beyond Rails 2.3, nor detai...

Low: openssl

Issue Overview: No CVE associated with this advisory Affected Packages: openssl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update openssl or yum update...

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-2216)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2254)

According to the versions of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2264)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████

Description We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████ Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879 This vulnerability is rated critical, and may allow unauthenticated attacker with network access via HTTP to compromise Oracle...