
764 matches found

CVE
added 2018/09/14 9:0 p.m. | 43 views

CVE-2018-16242

The CVE-2018-16242 entry describes oBike’s use of Hangzhou Luoping Smart Locker, where an attacker can bypass the locking mechanism by replaying ciphertext in a BLE-based protocol that uses a predictable nonce. Affected component is the bicycle lock system's BLE lock protocol; the underlying issu...

CVSS 5.3 | AI score 5.2 | EPSS 0.00069
Exploits: 2 | References: 1 | Affected Software: 1
OSV
added 2018/09/13 2:29 p.m. | 2 views

CVE-2018-5548

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts...

CVSS 6.1 | AI score 5.8 | EPSS 0.00209
Exploits: 1 | References: 3
NVD
added 2018/08/21 1:29 p.m. | 24 views

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

CVSS 5.9 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 1
Cvelist
added 2018/08/21 1:0 p.m. | 27 views

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 1
CNVD
added 2018/08/20 12:0 a.m. | 3 views

Cisco IOS/IOS XE Software Information Disclosure Vulnerability (CNVD-2018-16176)

Cisco IOS Software and IOS XE Software are both operating systems for Cisco network devices. Cisco IOS Software and Cisco IOS XE Software have an information disclosure vulnerability in the implementation of RSA encryption nonces that stems from the program not responding correctly to encryption...

CVSS 5.9 | AI score 5.5 | EPSS 0.00445
Exploits: 0 | References: 1
OSV
added 2018/07/12 8:29 p.m. | 0 views

GHSA-6528-WVF6-F6QG Pycrypto generates weak key parameters

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman DDH...

CVSS 8.7 | AI score 7.2 | EPSS 0.00911
Exploits: 1 | References: 10
Tenable Nessus
added 2018/05/30 12:0 a.m. | 52 views

CentOS 7 : thunderbird (CESA-2018:1725)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 7.5 | EPSS 0.37556
Exploits: 4 | References: 13
Tenable Nessus
added 2018/05/29 12:0 a.m. | 50 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3660-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3660-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

CVSS 9.8 | AI score 7.7 | EPSS 0.37556
Exploits: 4 | References: 13
Tenable Nessus
added 2018/05/25 12:0 a.m. | 49 views

RHEL 6 : thunderbird (RHSA-2018:1726)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1726 advisory. - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Use-after-free with SVG animations and clip...

CVSS 9.8 | AI score 7.6 | EPSS 0.37556
Exploits: 4 | References: 26
RedHat Linux
added 2018/05/24 7:59 p.m. | 2 views

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 7.5 | AI score 7.4 | EPSS 0.01035
Exploits: 0 | References: 5
RedHat Linux
added 2018/05/24 7:31 p.m. | 0 views

Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 7.5 | AI score 7.4 | EPSS 0.01035
Exploits: 0 | References: 5
RedHat Linux
added 2018/05/24 7:31 p.m. | 89 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 6.7 | EPSS 0.37556
Exploits: 4 | References: 13
OSV
added 2018/04/18 7:29 p.m. | 27 views

PYSEC-2018-31

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad; line "end_pos = data_len - 1 - mac.digest_size" that c...

CVSS 5.9 | AI score 6.4 | EPSS 0.00161
Exploits: 0 | References: 2
PyPA
added 2018/04/18 7:29 p.m. | 6 views

PYSEC-2018-31

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad; line "end_pos = data_len - 1 - mac.digest_size" that c...

CVSS 5.9 | AI score 6.9 | EPSS 0.00161
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/04/18 7:0 p.m. | 27 views

CVE-2018-1000159

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad; line "end_pos = data_len - 1 - mac.digest_size" that c...

AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 1
Prion
added 2018/04/12 5:29 a.m. | 15 views

Design/Logic Flaw

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

CVSS 5 | AI score 7.3 | EPSS 0.00384
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2018/04/12 5:0 a.m. | 65 views

CVE-2018-9860

Botan CVE-2018-9860 affects Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext can cause the receiver to include 64K bytes following the record buffer in the HMAC, leading to a denial of service (MAC check fails and connection closes). No info...

CVSS 7.5 | AI score 7.2 | EPSS 0.00384
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2018/03/27 9:29 p.m. | 14 views

Design/Logic Flaw

Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse...

CVSS 4 | AI score 6.2 | EPSS 0.00926
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2018/03/27 9:0 p.m. | 35 views

CVE-2014-5131

CVE-2014-5131 affects Avolve Software ProjectDox 8.1. The issue enables remote authenticated users to obtain sensitive information by exploiting ciphertext reuse: the application encrypts data identifiers without a randomized IV or with identical IVs in multiple locations, allowing an attacker to...

CVSS 6.5 | AI score 6 | EPSS 0.00926
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2018/03/27 9:0 p.m. | 11 views

CVE-2014-5131

Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse...

AI score 6.1 | EPSS 0.00926
Exploits: 0 | References: 4