Lucene search
K

2876 matches found

Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.29 views

openSUSE Security Update : libressl (openSUSE-2019-644)

This update for libressl to version 2.8.0 fixes the following issues : Security issues fixed : - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. boo1097779 - Reject excessively large primes in DH key generation. Other bugs fixed : - Fixed a pair of 20+...

4.7CVSS5.5AI score0.00321EPSS
Exploits0References2
OSV
OSV
added 2019/03/21 4:1 p.m.2 views

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

9.8CVSS7.3AI score0.01081EPSS
Exploits3References3
ALT Linux
ALT Linux
added 2019/03/20 12:0 a.m.36 views

Security fix for the ALT Linux 9 package openssl10 version 1.0.2r-alt1

March 20, 2019 Gleb Fotengauer-Malinovskiy 1.0.2r-alt1 - Updated to 1.0.2r fixes CVE-2019-1559. - Synced cipher-list.conf with libcrypto1.1 1.1.1b-alt1...

4.3CVSS6.5AI score0.17139EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/08 12:0 a.m.32 views

FreeBSD : OpenSSL -- ChaCha20-Poly1305 nonce vulnerability (e56f2f7c-410e-11e9-b95c-b499baebfeaf)

The OpenSSL project reports : Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length...

7.4CVSS6.3AI score0.05701EPSS
Exploits0References3
Hacker One
Hacker One
added 2019/03/07 9:21 a.m.56 views

Internet Bug Bounty: ChaCha20-Poly1305 with long nonces

This report relates to CVE-2019-1543, https://www.openssl.org/news/secadv/20190306.txt, which I reported to the OpenSSL maintainers a few days ago. OpenSSL accepts nonces for the AEAD cipher ChaCha20-Poly1305 of up to 16-bytes. This support is advertised in the OpenSSL documentation and via the...

5.8CVSS7.4AI score0.05701EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/03/06 9:29 p.m.36 views

CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4CVSS6.5AI score0.05701EPSS
Exploits0References2
Prion
Prion
added 2019/03/06 9:29 p.m.30 views

Design/Logic Flaw

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

5.8CVSS7.1AI score0.05701EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2019/03/06 9:29 p.m.22 views

CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4CVSS6.3AI score
Exploits0References13
CVE
CVE
added 2019/03/06 9:0 p.m.479 views

CVE-2019-1543

CVE-2019-1543 describes a nonce handling flaw in ChaCha20-Poly1305 within OpenSSL: accepting non-default nonce lengths up to 16 bytes with only the last 12 bytes considered, risking nonce reuse if an application sets a longer nonce and changes leading bytes. OpenSSL 1.1.1 and 1.1.0 are affected. ...

7.4CVSS6.1AI score0.05701EPSS
Exploits0References13Affected Software1
Debian CVE
Debian CVE
added 2019/03/06 9:0 p.m.39 views

CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4CVSS6.3AI score0.05701EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/03/06 9:0 p.m.30 views

CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4CVSS6.3AI score0.05701EPSS
Exploits0
FreeBSD
FreeBSD
added 2019/03/06 12:0 a.m.104 views

OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...

7.4CVSS1.2AI score0.05701EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/05 12:59 p.m.60 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Personal Communications (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Personal Communications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...

5CVSS6.5AI score0.74006EPSS
Exploits0Affected Software1
Oracle linux
Oracle linux
added 2019/03/05 12:0 a.m.59 views

java-1.7.0-openjdk security update

1:1.7.0.211-2.6.17.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.211-2.6.17.1 - Produce debug symbols for libpulse-java.so - Set ITCFLAGS=-g so that debug symbols for the pulse audio - native library are being produced. This is needed to fix - rpmdiff errors of missing .debuginfo in...

3.1CVSS2.2AI score0.03468EPSS
Exploits0
Prion
Prion
added 2019/02/22 11:29 p.m.16 views

Buffer overflow

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....

4.3CVSS5.3AI score0.02315EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2019/02/22 11:29 p.m.4 views

CVE-2019-6485

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....

5.9CVSS5.8AI score0.02315EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/02/22 11:0 p.m.31 views

CVE-2019-6485

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....

5.4AI score0.02315EPSS
Exploits0References3
OSV
OSV
added 2019/02/21 3:29 a.m.2 views

DEBIAN-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7AI score0.01089EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/02/21 3:29 a.m.28 views

CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS7.1AI score0.01089EPSS
Exploits0References3
OSV
OSV
added 2019/02/21 3:29 a.m.2 views

UBUNTU-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

7.5CVSS5.8AI score0.01089EPSS
Exploits0References4
Rows per page
Query Builder