Lucene search
K

134 matches found

RedHat Linux
RedHat Linux
added 2013/05/14 5:49 p.m.7 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/05/01 5:59 p.m.7 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.34 views

Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)

Multiple vulnerabilities has been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service NULL pointer dereference and...

5CVSS6.4AI score0.35584EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.36 views

Mandriva Linux Security Advisory : nss (MDVSA-2013:050)

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle MITM traffic management ...

4.3CVSS7.3AI score0.35584EPSS
Exploits1References3
IBM AIX
IBM AIX
added 2013/03/15 3:20 a.m.120 views

Multiple OpenSSL vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Fri Mar 15 03:20:11 CDT 2013 The most recent version of this document is available here: | Updated: Wed Jun 5 10:22:29 CDT 2013 | Update: Fix available for FIPS version | Update: Corrected CVSS base score and vector...

5CVSS7.3AI score0.35584EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2013/03/13 2:40 p.m.6 views

gnutls: TLS CBC padding timing attack (lucky-13)

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.8AI score0.0644EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2013/03/05 12:0 a.m.32 views

RHEL 5 / 6 : openssl (RHSA-2013:0587)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0587 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols, as well as a...

5CVSS7.1AI score0.35584EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2013/03/04 9:4 p.m.3 views

gnutls: TLS CBC padding timing attack (lucky-13)

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.8AI score0.0644EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2013/02/20 10:45 a.m.6 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2013/02/14 12:0 a.m.37 views

Debian DSA-2622-1 : polarssl - several vulnerabilities

Multiple vulnerabilities have been found in PolarSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of craft...

4.3CVSS6.4AI score0.35584EPSS
Exploits1References8
securityvulns
securityvulns
added 2013/02/14 12:0 a.m.63 views

[SECURITY] [DSA 2622-1] polarssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2622-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 13, 2013 http://www.debian.org/security/faq -...

4.3CVSS3.7AI score0.35584EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/02/14 12:0 a.m.42 views

Debian DSA-2621-1 : openssl - several vulnerabilities

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an...

5CVSS6.3AI score0.35584EPSS
Exploits1References7
Debian
Debian
added 2013/02/13 8:17 p.m.24 views

[SECURITY] [DSA 2622-1] polarssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2622-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 13, 2013 http://www.debian.org/security/faq -...

4.3CVSS7.8AI score0.35584EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/02/13 12:0 a.m.37 views

Debian Security Advisory DSA 2621-1 (openssl - several vulnerabilities)

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an inval...

5CVSS0.2AI score0.35584EPSS
Exploits1References1
OSV
OSV
added 2013/02/13 12:0 a.m.45 views

DSA-2621-1 openssl - several vulnerabilities

Bulletin has no description...

5CVSS6.6AI score0.35584EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/02/13 12:0 a.m.37 views

Debian Security Advisory DSA 2622-1 (polarssl - several vulnerabilities)

Multiple vulnerabilities have been found in PolarSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0169A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted...

4.3CVSS0.6AI score0.35584EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2013/02/12 12:0 a.m.33 views

Debian: Security Advisory (DSA-2621-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.8AI score0.35584EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2013/02/11 12:0 a.m.35 views

Opera Multiple Vulnerabilities -01 Feb 13 (Linux)

This host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln01feb13lin.nasl 27789 2013-02-11 14:20:02Z feb$ Opera Multiple Vulnerabilities -01 Feb 13 Linux Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks GmbH,...

9.3CVSS0.7AI score0.08036EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2013/02/11 12:0 a.m.29 views

Opera Multiple Vulnerabilities -01 (Feb 2013) - Mac OS X

Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.4AI score0.08036EPSS
Exploits0References6
NVD
NVD
added 2013/02/08 7:55 p.m.29 views

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.5AI score0.35584EPSS
Exploits1References55
Rows per page
Query Builder