Lucene search
K

75 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:21 p.m.11 views

Security Bulletin: TLS padding vulnerability affects Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2014-8730)

Summary IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web are affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects both IBM Tivoli Access Manager for...

4.3CVSS0.6AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:58 p.m.16 views

Security Bulletin: TLS padding vulnerability affects IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700 and 7710 (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700 and 7710. Vulnerability Details CVE-ID:...

4.3CVSS0.1372EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:18 p.m.15 views

Security Bulletin: TLS padding vulnerability affects IBM SPSS Modeler (CVE-2014-8730)

Summary Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM SPSS Modeler. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caus...

4.3CVSS0.6AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:8 p.m.16 views

Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM® DB2® LUW. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS0.1372EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:13 p.m.30 views

Security Bulletin: TLS padding vulnerability affects IBM Cognos Business Intelligence (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Cognos Business Intelligence. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

4.3CVSS7AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:13 p.m.10 views

Security Bulletin: TLS padding vulnerability affects IBM Cognos Metrics Manager (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Cognos Metrics Manager Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information,...

4.3CVSS0.5AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.35 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MQ Appliance

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on...

10CVSS1.5AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.12 views

Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ Internet Pass-Thru V2.0 (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects some versions of IBM WebSphere MQ Internet Pass-Thru SupportPac MS81. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: IBM WebSphere MQ Internet...

4.3CVSS1AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.14 views

Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM WebSphere MQ. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by th...

4.3CVSS1.6AI score0.1372EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/10/20 12:0 a.m.59 views

Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVPEncodeUpdate function within file...

8.2CVSS7.7AI score0.89058EPSS
Exploits6References26
Tenable Nessus
Tenable Nessus
added 2016/09/28 12:0 a.m.53 views

F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)

TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.'CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms : The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...

5.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/08/26 12:0 a.m.36 views

Oracle Access Manager Webgate Information Disclosure (July 2016 CPU)

Binary data oracleaccessmanagerwebgatecve20162107.nbin...

5.9CVSS7.3AI score0.89058EPSS
Exploits6References2
Huawei
Huawei
added 2016/07/06 12:0 a.m.64 views

Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...

10CVSS8.6AI score0.89058EPSS
Exploits7Affected Software61
OpenVAS
OpenVAS
added 2016/05/09 12:0 a.m.268 views

Mageia: Security Advisory (MGASA-2016-0169)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.6AI score0.89058EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.48 views

Amazon Linux AMI : openssl (ALAS-2016-695)

A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. CVE-2016-2107 , Important It was discovered that the ASN.1 parser can misinterpret a large universal t...

10CVSS7.7AI score0.89058EPSS
Exploits7References6
ArchLinux
ArchLinux
added 2016/05/04 12:0 a.m.69 views

openssl: multiple issues

CVE-2016-2105 buffer overflow: An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the...

7.8CVSS1.1AI score0.89058EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.51 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-2959-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2959-1 advisory. Huzaifa Sidhpurwala, Hanno Bck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remot...

10CVSS8.2AI score0.89058EPSS
Exploits7References6
Ubuntu
Ubuntu
added 2016/05/03 2:49 p.m.104 views

USN-2959-1: OpenSSL vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-2108 Juraj...

10CVSS8.1AI score0.89058EPSS
Exploits7
ThreatPost
ThreatPost
added 2016/05/03 12:17 p.m.50 views

OpenSSL Patches Padding Oracle Attack Bug

The latest batch of OpenSSL security patches were released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h. One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the...

2.6CVSS0.8AI score0.89058EPSS
Exploits6References3
GithubExploit
GithubExploit
added 2015/02/03 8:28 p.m.4 views

Exploit for CVE-2014-3566

PoC exploit for CVE-2014-3566, a Padding Oracle On Downgraded Le...

4.3CVSS6.5AI score0.99999EPSS
Exploits7
Rows per page
Query Builder