1038 matches found

Tenable Nessus
added 2016/08/30 12:00 a.m. | 13 views

phpMyAdmin 4.0.10.x < 4.0.10.17 / 4.4.15.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities

Binary data 9538.prm...

CVSS 10 | AI score 7.3 | EPSS 0.04156
Exploits 0 | References 56
Tenable Nessus
added 2016/08/29 12:00 a.m. | 1639 views

OpenSSH < 7.3 Multiple Vulnerabilities

According to its banner, the version of OpenSSH running on the remote host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities : - A local privilege escalation when the UseLogin feature is enabled and PAM is configured to read .pam_environment files from home directories...

CVSS 7.8 | AI score 6.9 | EPSS 0.90046
Exploits 17 | References 5
Tenable Nessus
added 2016/07/25 12:00 a.m. | 60 views

Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)

The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists in the X Server...

CVSS 10 | AI score 8.3 | EPSS 0.79963
Exploits 6 | References 10
Tenable Nessus
added 2016/07/20 12:00 a.m. | 51 views

Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)

The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL component : - A heap buffer overflow condition exists in the EVP_EncodeUpdate function within file crypto/evp/encode.c that ...

CVSS 8.2 | AI score 7.2 | EPSS 0.79963
Exploits 6 | References 8
Tenable Nessus
added 2016/07/14 12:00 a.m. | 211 views

Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

According to its self-reported version, the Cisco TelePresence Video Communication Server (VCS) / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...

CVSS 10 | AI score 8.7 | EPSS 0.79963
Exploits 7 | References 17
Tenable Nessus
added 2016/07/08 12:00 a.m. | 21 views

OpenSSL 1.0.1 < 1.0.1t / 1.0.2 < 1.0.2h Multiple Vulnerabilities

Binary data 9390.prm...

CVSS 8.2 | AI score 7.3 | EPSS 0.79963
Exploits 6 | References 8
phpMyAdmin
added 2016/07/07 12:00 a.m. | 71 views

Weakness with cookie encryption

PMASA-2016-29. Announcement-ID: PMASA-2016-29. Date: 2016-07-07. Summary: Weakness with cookie encryption. Description: A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker...

CVSS 8.1 | AI score 7.2 | EPSS 0.00377
Exploits 0 | Affected Software 1
Huawei
added 2016/07/06 12:00 a.m. | 62 views

Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...

CVSS 10 | AI score 8.6 | EPSS 0.79963
Exploits 7 | Affected Software 61
seebug.org
added 2016/05/31 12:00 a.m. | 26 views

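Padding Oracle Vulnerability on an important Yonyou site allows login to internal systems

Brief description: A Padding Oracle Vulnerability on a key Yonyou site leaks an employee's account, which can be used to log in to systems including email and procurement, and can serve as a pivot, seriously threatening the internal network. Details: Capturing traffic with Burp allows unauthorized access to http://i.yonyou.com, causing information disclosure. Using the obtained email address to start a password reset, the second-step page of the password reset has a Padding Oracle Vulnerability through which sensitive information can be obtained. Using the obtained sensitive information to log in to the mailbox; mail.yonyou.com can also be logged in to. Procurement system. Other systems. img s...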

AI score 7
Exploits 0
Tenable Nessus
added 2016/05/27 12:00 a.m. | 180 views

Citrix XenServer Multiple Vulnerabilities (CTX212736)

The version of Citrix XenServer running on the remote host is affected by multiple vulnerabilities in the bundled versions of OpenSSL and QEMU : - Multiple flaws exist in the bundled version of OpenSSL in the aesni_cbc_hmac_sha1_cipher and aesni_cbc_hmac_sha256_cipher functions that are triggered when th...

CVSS 10 | AI score 9 | EPSS 0.79963
Exploits 7 | References 5
Tenable Nessus
added 2016/05/16 12:00 a.m. | 59 views

OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108...

CVSS 10 | AI score 7.8 | EPSS 0.79963
Exploits 8 | References 16
Tenable Nessus
added 2016/05/16 12:00 a.m. | 59 views

Oracle Linux 6 : openssl (ELSA-2016-0996)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0996 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding...

CVSS 10 | AI score 8 | EPSS 0.79963
Exploits 8 | References 8
Oracle Linux
added 2016/05/13 12:00 a.m. | 58 views

openssl security update

1.0.1e-48.1 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

CVSS 10 | AI score 2.5 | EPSS 0.79963
Exploits 7
Tenable Nessus
added 2016/05/12 12:00 a.m. | 62 views

openSUSE Security Update : openssl (openSUSE-2016-562)

This update for openssl fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) -...

CVSS 10 | AI score 7.7 | EPSS 0.79963
Exploits 7 | References 11
Oracle Linux
added 2016/05/12 12:00 a.m. | 59 views

openssl security update

1.0.1e-48.1 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

CVSS 10 | AI score 1.8 | EPSS 0.79963
Exploits 8
RedHat Linux
added 2016/05/10 4:18 a.m. | 107 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 10 | AI score 7.6 | EPSS 0.79963
Exploits 7 | References 8
RedHat Linux
added 2016/05/10 4:18 a.m. | 1 view

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

CVSS 5.9 | AI score 6.9 | EPSS 0.79963
Exploits 6 | References 5
RedHat Linux
added 2016/05/09 9:28 a.m. | 2 views

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

CVSS 5.9 | AI score 6.9 | EPSS 0.79963
Exploits 6 | References 5
OpenVAS
added 2016/05/09 12:00 a.m. | 41 views

Amazon Linux: Security Advisory (ALAS-2016-695)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 8.4 | EPSS 0.79963
Exploits 7 | References 2
OpenVAS
added 2016/05/09 12:00 a.m. | 260 views

Oracle: Security Advisory (ELSA-2016-0722)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 8.4 | EPSS 0.79963
Exploits 7 | References 2