Lucene search
K

134 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.5 views

SUSE CVE-2013-1618

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of...

4CVSS6.5AI score0.02157EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.4 views

SUSE CVE-2013-1620

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS8.9AI score0.03723EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.2 views

SUSE CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

4.3CVSS6.6AI score0.02424EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.5 views

SUSE CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS6.5AI score0.02972EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.5 views

SUSE CVE-2014-8730

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 throu...

4.3CVSS6.3AI score0.1372EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.4 views

SUSE CVE-2020-16150

A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

5.5CVSS5.5AI score0.00368EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/07/13 12:0 a.m.48 views

Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS5.6AI score0.00521EPSS
Exploits0References5Affected Software5
OSV
OSV
added 2022/07/13 12:0 a.m.67 views

GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS4.9AI score0.00521EPSS
Exploits0References4
OSV
OSV
added 2022/02/11 11:26 p.m.68 views

GHSA-F5PG-7WFW-84Q9 CBC padding oracle issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

5.6CVSS5.1AI score0.00348EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2021/10/14 7:53 a.m.94 views

Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images

Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

7.7CVSS6.9AI score0.53461EPSS
Exploits12References4
Tenable Nessus
Tenable Nessus
added 2021/01/06 12:0 a.m.66 views

IBM HTTP Server 8.5.0.0 <= 8.5.5.4 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.35 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (521711)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway,...

4.3CVSS6.8AI score0.99999EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2020/12/15 12:0 a.m.54 views

IBM HTTP Server 8.5.0.0 <= 8.5.0.2 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.27 / 6.1.0.0 <= 6.1.0.45 (491407)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement duri...

2.6CVSS6.5AI score0.35584EPSS
Exploits1References2
OSV
OSV
added 2020/09/02 4:15 p.m.3 views

UBUNTU-CVE-2020-16150

A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

5.5CVSS7.1AI score0.00368EPSS
Exploits0References4
OSV
OSV
added 2020/07/31 11:25 p.m.3 views

MGASA-2020-0308 Updated botan2 packages fix security vulnerability

The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length...

6.8AI score
Exploits0References4
Mageia
Mageia
added 2020/07/31 11:25 p.m.18 views

Updated botan2 packages fix security vulnerability

The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length...

1.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/07/14 12:0 a.m.16 views

Fedora 32 : botan2 (2020-539fd85292)

Update to 2.14.0 including security fix Side channel during CBC padding. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

5.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/08/23 7:52 p.m.12 views

CVE-2019-5592

Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

6.9AI score0.00706EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/02/15 12:0 a.m.79 views

iLO 3 < 1.88 Information Disclosure Vulnerability

An information disclosure vulnerability exists in iLO 3 before firmware version 1.88 due to an improper use of a MAC protection mechanism in conjunction with CBC padding in its TLS implementation. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. ...

4.3CVSS4.9AI score0.01647EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 8:52 a.m.36 views

Timing Side- Channel Attack

OpenSSL is vulnerable to timing attacks. It happens because of lack of validation of MAC addresses in constant time during the processing of a malformed CBC padding. It is also known as "Lucky Thirteen" issue...

2.6CVSS6.4AI score0.35584EPSS
Exploits1References58Affected Software4
Hacker One
Hacker One
added 2018/02/22 4:43 p.m.264 views

Semrush: SSLv3 Poodle Attack on Ip Of semrush

Summary: POODLE SSLv3 bug on multiple servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka...

4.3CVSS5.1AI score0.99999EPSS
Exploits7
Rows per page
Query Builder