Lucene search
K

134 matches found

NVD
NVD
added 2013/02/08 7:55 p.m.38 views

CVE-2013-1618

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of...

4CVSS6.6AI score0.02157EPSS
Exploits0References5
OSV
OSV
added 2013/02/08 7:55 p.m.1 views

DEBIAN-CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS9.4AI score0.0644EPSS
Exploits1References1
NVD
NVD
added 2013/02/08 7:55 p.m.43 views

CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS6.6AI score0.02972EPSS
Exploits0References6
OSV
OSV
added 2013/02/08 7:55 p.m.10 views

CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

5.9AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2013/02/08 7:55 p.m.2 views

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS5.6AI score0.35584EPSS
Exploits1References62
Prion
Prion
added 2013/02/08 7:55 p.m.29 views

Design/Logic Flaw

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.8AI score0.35584EPSS
Exploits2References14Affected Software1
Prion
Prion
added 2013/02/08 7:55 p.m.34 views

Design/Logic Flaw

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.8AI score0.35584EPSS
Exploits1References19Affected Software15
Prion
Prion
added 2013/02/08 7:55 p.m.34 views

Code injection

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...

4.3CVSS6.7AI score0.35584EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2013/02/08 7:55 p.m.25 views

Design/Logic Flaw

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS6.8AI score0.35584EPSS
Exploits1References6Affected Software2
UbuntuCve
UbuntuCve
added 2013/02/08 7:55 p.m.33 views

CVE-2013-1621

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...

4.3CVSS5.9AI score0.02068EPSS
Exploits0References3
Prion
Prion
added 2013/02/08 7:55 p.m.44 views

Design/Logic Flaw

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of...

4CVSS6.8AI score0.35584EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2013/02/08 7:55 p.m.27 views

Design/Logic Flaw

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

4.3CVSS6.8AI score0.35584EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2013/02/08 7:55 p.m.4 views

UBUNTU-CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS7.2AI score0.02972EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/02/08 7:55 p.m.34 views

CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS7.2AI score0.02972EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/02/08 7:0 p.m.36 views

CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

6.7AI score0.02424EPSS
Exploits0References5
CVE
CVE
added 2013/02/08 7:0 p.m.135 views

CVE-2013-1624

Technical details for CVE-2013-1624 are not publicly available in the provided documents. Monitor for updates.

4CVSS6.7AI score0.02972EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2013/02/08 7:0 p.m.160 views

CVE-2013-1619

CVE-2013-1619 affects the TLS implementation in GnuTLS prior to 2.12.23, 3.0.x prior to 3.0.28, and 3.1.x prior to 3.1.7. The vulnerability arises from improper consideration of timing side-channel attacks on a noncompliant CBC padding check during processing of malformed CBC padding, enabling re...

4CVSS6.8AI score0.0644EPSS
Exploits1References14Affected Software1
Cvelist
Cvelist
added 2013/02/08 7:0 p.m.37 views

CVE-2013-1621

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...

6.3AI score0.02068EPSS
Exploits0References4
CVE
CVE
added 2013/02/08 7:0 p.m.178 views

CVE-2013-1620

The CVE-2013-1620 entry concerns the TLS implementation in Mozilla NSS. It describes a timing-side‑channel flaw during a noncompliant CBC padding (MAC check) processing for malformed TLS records, allowing remote attackers to perform distinguishing attacks and plaintext-recovery through timing ana...

4.3CVSS6.7AI score0.03723EPSS
Exploits0References19Affected Software1
CVE
CVE
added 2013/02/08 7:0 p.m.75 views

CVE-2013-1618

Technical details specific to CVE-2013-1618 are not publicly provided in the supplied documents; related entries cite timing-side-channel issues linked to CVE-2013-0169 but do not detail this CVE.

4CVSS6.8AI score0.02157EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder