Lucene search
K

195 matches found

OSV
OSV
added 2019/02/27 11:29 p.m.37 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS5.7AI score
Exploits0References36
OSV
OSV
added 2019/02/27 11:29 p.m.2 views

DEBIAN-CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS8.7AI score0.17139EPSS
Exploits0References1
OSV
OSV
added 2019/02/27 11:29 p.m.2 views

ALPINE-CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS6.9AI score0.17139EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/02/27 11:0 p.m.35 views

CVE-2019-1559 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

6.2AI score0.17139EPSS
Exploits0References36
UbuntuCve
UbuntuCve
added 2019/02/26 12:0 a.m.58 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS6.8AI score0.17139EPSS
Exploits0References5
OSV
OSV
added 2019/02/26 12:0 a.m.6 views

UBUNTU-CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS6.7AI score0.17139EPSS
Exploits0References6
OpenSSL
OpenSSL
added 2019/02/26 12:0 a.m.67 views

Vulnerability in OpenSSL - 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

6.2AI score0.17139EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/11/03 11:55 a.m.11 views

MGASA-2018-0432 Updated mbedtls packages fix security vulnerabilities

Updated mbedtls package fixes security vulnerabilities: Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions by exploiting timing...

5.9CVSS5.5AI score0.02674EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/08/27 2:20 p.m.8 views

openssl: BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

5.9CVSS6.7AI score0.15934EPSS
Exploits1References5
OSV
OSV
added 2018/07/28 5:29 p.m.1 views

DEBIAN-CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9CVSS6.5AI score0.02674EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/07/28 5:29 p.m.25 views

CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

4.7CVSS6.5AI score0.00373EPSS
Exploits0References3
OSV
OSV
added 2018/07/28 5:29 p.m.3 views

ALPINE-CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9CVSS8.8AI score0.02674EPSS
Exploits0References1
OSV
OSV
added 2018/06/26 4:29 p.m.3 views

DEBIAN-CVE-2018-1000520

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtlssslgetverifyresult that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate ...

7.5CVSS6.8AI score0.00713EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:18 p.m.44 views

Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

7.4CVSS1.8AI score0.95326EPSS
Exploits10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.19 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ Internet Pass-Thru (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ Internet Pass-Thru. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5CVSS0.8AI score0.74006EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2018/06/12 12:0 a.m.29 views

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.5CVSS6.7AI score0.49268EPSS
Exploits0References4
Kitploit
Kitploit
added 2017/09/30 9:0 p.m.28 views

CipherScan - Find out which SSL ciphersuites are supported by a target

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl sclient command line. Cipherscan is meant to run on all...

7.2AI score
Exploits0References2
Prion
Prion
added 2017/08/18 6:29 p.m.17 views

Default configuration

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration...

10CVSS7.1AI score0.0052EPSS
Exploits0References2
NVD
NVD
added 2017/08/18 6:29 p.m.25 views

CVE-2015-0575

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration...

10CVSS9AI score0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/08/18 6:0 p.m.24 views

CVE-2015-0575

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration...

8.5AI score0.0052EPSS
Exploits0References2
Rows per page
Query Builder