2867 matches found
Double free
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
CVE-2009-5009
OpenConnect vulnerability CVE-2009-5009: a double-free in the DTLS cipher option handling during reconnect on OpenConnect before 1.40 can cause denial of service (application crash) or unspecified impact on remote AnyConnect SSL VPN servers. Affected: OpenConnect
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
DEBIAN-CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...
CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...
DEBIAN-CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...
CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
Design/Logic Flaw
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Input validation
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...
UBUNTU-CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...
CVE-2010-3075
EncFS prior to 1.7.0 uses CFB with the same initialization vector across multiple blocks, enabling local attackers to recover XORed data and reveal sensitive information (e.g., last block containing a single byte). The vulnerability is documented across multiple sources (e.g., SUSE advisories not...
CVE-2010-3074
CVE-2010-3074 affects EncFS prior to 1.7.0, where SSL_Cipher.cpp uses an improper combination of AES and CBC modes for encrypted filesystems. This configuration enables a watermarking-like information exposure via local access. Several sources (NVD entry and vendor/OSS advisories) corroborate the...