1038 matches found
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...
CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
CVE-2018-16868
CVE-2018-16868 concerns a Bleichenbacher-type side-channel padding oracle in GnuTLS during PKCS#1 v1.5 RSA verification. The provided documents indicate this affects GnuTLS across Linux distributions (e.g., Red Hat). The attack requires local access on the same physical core as the victim process...
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...
CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...
CVE-2018-16869
CVE-2018-16869 is a Bleichenbacher-type side-channel padding oracle vulnerability in the nettle cryptographic library, caused by how nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. Exploitation could allow an attacker on the same physical core to extract plaintext or, in some ...
PT-2018-2490 · Gnu +4 · Nettle +4
Name of the Vulnerable Software and Affected Versions: Nettle affected versions not specified Description: The issue is related to a Bleichenbacher type side-channel based padding oracle attack in the way Nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. This could allow an...
U.S. Dept Of Defense: Padding Oracle ms10-070 in the a DoD website (https://██████/)
Hi there i found a Padding Oracle ms10-070 in the following website: https://█████████/ In the following steps i will demonstrate how to reproduce the vulnerability. POC: 1ºGo to the following url: https://████/ you will see in the source code off the page something like "WebResource.axd?d="...
Primetek Primefaces Weak Encryption Remote Code Execution (CVE-2017-1000486)
Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password...
GHSA-9GP4-QRFF-C648 Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
Citrix StorageZones Controller Improper Access Restrictions / Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Citrix StorageZones Controller vulnerable version: all versions before 5.4.2 fixed version: 5.4.2 CVE number: CVE-2018-16968,...
Citrix StorageZones Controller Improper Access Restrictions / Traversal Exploit
Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities. ======================================================================= title: Multiple Vulnerabilities product: Citrix StorageZones Controller...
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products
There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability c...