EUVD-2015-7722

Malware in sbrugna...

K14236: OpenSSL vulnerability CVE-2012-2686

Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...

SUSE CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

Security Bulletin: Tivoli Storage Productivity Center affected by vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)

Summary A number of security vulnerabilities have been discovered in the OpenSSL libraries included in Tivoli Storage Productivity Center. These libraries are used for communications with the Storage Resource agent and some storage systems. Vulnerability Details VULNERABILITY DETAILS: DESCRIPTION...

OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows

OpenSSL is prone to a plaintext-recovery attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OpenSSL: TLS 1.1 and 1.2 AES-NI Crash (20130205) - Windows

OpenSSL is prone to a denial of service attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux

OpenSSL is prone to a plaintext-recovery attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ALPINE-CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

DEBIAN-CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

Code injection

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites...

CVE-2015-7824

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites...

CVE-2015-7824

Botan 1.11.x prior to 1.11.22 is vulnerable to a padding-oracle attack that makes it easier for remote attackers to decrypt TLS ciphertext when using TLS CBC ciphersuites. This is a remote/network issue affecting the Botan cryptographic library; exploitation is contingent on using an affected 1.1...

Mandriva Linux Security Advisory : gnutls (MDVSA-2013:040)

Nadhem Alfardan and Kenny Paterson devised an attack that recovers some bits of the plaintext of a GnuTLS session that utilizes that CBC ciphersuites, by using timing information CVE-2013-1619. The gnutls package has been updated to latest 3.0.28 version to fix above problem. %NASLMINLEVEL 70300 ...

FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (69bfc852-9bd0-11e2-a7be-8c705af55518)

A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack. %NASLMINLEVEL 70300 C Tenable Network...

FreeBSD-SA-13:03.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:03.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2013-04-02 Affects: All...

Vulnerability in OpenSSL - TLS 1.1 and 1.2 AES-NI crash

A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. Found by Adam Langley and Wolfgang Ettlinger...

Vulnerability in OpenSSL - SSL, TLS and DTLS Plaintext Recovery Attack

A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS which could lead to plaintext recovery by exploiting timing differences arising during MAC processing. Found by Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London...

Moderate: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer SSL v2/...