CVE-2018-3616

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network...

PT-2018-1597 · Intel · Intel Active Management Technology +2

Name of the Vulnerable Software and Affected Versions: Intel Active Management Technology versions prior to 12.0.5 Description: A Bleichenbacher-style side channel vulnerability exists in the TLS implementation of Intel Active Management Technology. This issue may allow an unauthenticated user to...

tlslite-ng off-by-one error on mac checking

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line endpos = datalen - 1 - mac.digestsize that can...

GHSA-CWH5-3CW7-4286 tlslite-ng off-by-one error on mac checking

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line endpos = datalen - 1 - mac.digestsize that can...

CVE-2018-1000159

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line "endpos = datalen - 1 - mac.digestsize" that c...

CVE-2018-1000159

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line "endpos = datalen - 1 - mac.digestsize" that c...

CVE-2018-1000159

Removed by vendor...

Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF

We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...

Code injection

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

CVE-2018-5762

Unisys ClearPath MCP TCP/IP networking module TLS implementation is vulnerable to a Bleichenbacher RSA padding oracle (ROBOT) leading to possible decryption of TLS ciphertext. Affected versions are TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044. The CNVD entr...

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5

Some TLS implementations handle errors processing RSA key exchanges and encryption PKCS 1 v1.5 messages in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when th...

Debian DSA-4072-1 : bouncycastle - security update

Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

MGASA-2017-0361 Updated firefox packages fix security vulnerabilities

A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the...

IBM Domino Authentication Bypass Vulnerability

IBM Domino is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:lotusdomino";...

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

Amazon Releases S2N TLS Crypto Implementation to Open Source

Amazon today released to open source its own TLS implementation called s2n, which stands for signal to noise. While admittedly not meant to be a replacement for OpenSSL, for example, s2n is a slimmed-down crypto implementation analogous to libssl, the OpenSSL library that supports TLS. Amazon chi...

MGASA-2015-0192 Updated erlang packages fix CVE-2015-2774

Updated erlang packages fix security vulnerability: Erlang's TLS-1.0 implementation failed to check padding bytes, leaving it vulnerable to an issue similar to POODLE CVE-2015-2774...

Race condition

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System IPS Software before 7.33E4 allows remote attackers to cause a denial of service process hang by establishing many HTTPS sessions, aka Bug ID CSCuq40652...

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...