Lucene search
+L

106 matches found

osv
osv
added 2019/05/02 5:29 p.m.32 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

5.9CVSS7AI score0.44398EPSS
Exploits0References8
veracode
veracode
added 2019/05/02 4:46 a.m.47 views

Weak Authentication

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References40Affected Software63
prion
prion
added 2019/02/26 3:29 p.m.21 views

Code injection

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

4.3CVSS5.6AI score0.00653EPSS
Exploits0References1Affected Software12
osv
osv
added 2019/02/26 3:29 p.m.2 views

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

5.9CVSS6.4AI score
Exploits0References1
nvd
nvd
added 2019/02/26 3:29 p.m.26 views

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

5.9CVSS5.5AI score0.00653EPSS
Exploits0References1
cve
cve
added 2019/02/26 3:0 p.m.83 views

CVE-2019-6593

CVE-2019-6593 affects BIG-IP TMM TLS/Client SSL CBC-mode sessions on versions 11.5.1–11.5.4, 11.6.1 and 12.1.0, enabling plaintext recovery via a chosen-ciphertext MITM without server private-key access. F5 advisory K10065173 documents affected branches: 12.x vulnerable in 12.1.0 with fixes in 12...

5.9CVSS4.5AI score0.00653EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2019/02/26 12:0 a.m.77 views

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...

5.9CVSS6.5AI score0.00653EPSS
Exploits0References2
nessus
nessus
added 2018/05/30 12:0 a.m.53 views

CentOS 7 : thunderbird (CESA-2018:1725)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS7.5AI score0.21288EPSS
Exploits4References13
nessus
nessus
added 2018/05/29 12:0 a.m.52 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3660-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3660-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

9.8CVSS7.7AI score0.21288EPSS
Exploits4References13
nessus
nessus
added 2018/05/25 12:0 a.m.50 views

RHEL 6 : thunderbird (RHSA-2018:1726)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1726 advisory. - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Use-after-free with SVG animations and clip...

9.8CVSS7.6AI score0.21288EPSS
Exploits4References26
redhat
redhat
added 2018/05/24 7:59 p.m.5 views

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

7.5CVSS7.4AI score0.01798EPSS
Exploits0References5
redhat
redhat
added 2018/05/24 7:31 p.m.92 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS6.7AI score0.21288EPSS
Exploits4References13
redhat
redhat
added 2018/05/24 7:31 p.m.4 views

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

7.5CVSS7.4AI score0.01798EPSS
Exploits0References5
metasploit
metasploit
added 2018/02/02 10:29 p.m.38 views

Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5

Some TLS implementations handle errors processing RSA key exchanges and encryption PKCS 1 v1.5 messages in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when th...

0.3AI score
Exploits0
osv
osv
added 2018/01/04 4:48 p.m.10 views

MGASA-2018-0060 Updated erlang packages fix security vulnerabilities

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys CVE-2017-1000385...

5.9CVSS5.5AI score0.22098EPSS
Exploits0References3
mageia
mageia
added 2018/01/04 4:48 p.m.36 views

Updated erlang packages fix security vulnerabilities

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys CVE-2017-1000385...

5.9CVSS2.9AI score0.22098EPSS
Exploits0References2
nessus
nessus
added 2017/12/26 12:0 a.m.41 views

Debian DSA-4072-1 : bouncycastle - security update

Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

7.5CVSS6.8AI score0.24282EPSS
Exploits0References4
prion
prion
added 2017/11/17 7:29 p.m.35 views

Code injection

On BIG-IP versions 11.6.0-11.6.2 fixed in 11.6.2 HF1, 12.0.0-12.1.2 HF1 fixed in 12.1.2 HF2, or 13.0.0-13.0.0 HF2 fixed in 13.0.0 HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA, which when...

4.3CVSS7.2AI score0.19553EPSS
Exploits1References5Affected Software9
mageia
mageia
added 2016/05/21 10:11 p.m.29 views

Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to opensslpublicencrypt which uses PHP's default $padding argument, which specifies OPENSSLPKCS1PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

7.5CVSS7.5AI score0.01356EPSS
Exploits0References2
openvas
openvas
added 2015/09/08 12:0 a.m.20 views

Amazon Linux: Security Advisory (ALAS-2014-278)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1CVSS5.9AI score0.00451EPSS
Exploits0References2
Rows per page
Query Builder