Lucene search
K

54 matches found

RedHat Linux
RedHat Linux
added 2015/06/29 4:9 p.m.6 views

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

7.5CVSS7.3AI score0.03965EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/29 4:9 p.m.47 views

Moderate: Red Hat Security Advisory: rh-postgresql94-postgresql security update

Updated rh-postgresql94-postgresql packages that fix three security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

9.8CVSS7AI score0.08565EPSS
Exploits0References4
NVD
NVD
added 2014/09/18 10:55 a.m.18 views

CVE-2014-5413

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...

6.4CVSS6.5AI score0.01028EPSS
Exploits0References3
NVD
NVD
added 2014/09/18 10:55 a.m.19 views

CVE-2014-4364

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash...

5.6CVSS4.9AI score0.00806EPSS
Exploits0References10
Prion
Prion
added 2014/09/18 10:55 a.m.19 views

Authentication flaw

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash...

2.9CVSS6.4AI score0.00806EPSS
Exploits0References10Affected Software2
Prion
Prion
added 2014/09/18 10:55 a.m.18 views

Code injection

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm...

5CVSS7AI score0.01028EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2014/09/18 10:0 a.m.50 views

CVE-2014-5413

CVE-2014-5413 affects Schneider Electric StruxureWare SCADA Expert ClearSCADA (2010 R3 through 2014 R1). The root issue is weak cryptographic controls: the self-signed web certificate uses MD5, enabling potential cryptographic spoofing of servers. Additionally, ICS-CERT describes a cross-site scr...

6.4CVSS6.7AI score0.01028EPSS
Exploits0References3Affected Software2
ThreatPost
ThreatPost
added 2013/10/23 2:34 p.m.12 views

ProSoft Technology RadioLinx ControlScape PRNG vulnerability

Industrial automation software used worldwide to create and configure wireless radios that connect devices in environments such as oil and gas is vulnerable to attack by a hacker armed with an antenna from as far as 30 miles away. Though the vulnerability in the ProSoft Technology RadioLinx...

0.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/09/16 2:17 p.m.10 views

BEAST Cryptographic Attack Mitigations Overturned

The BEAST cryptographic attack, once thought to be largely mitigated, has two things conspiring against it to make breaches potentially possible again. Not only has a server-side mitigation essentially been rendered moot by recent research into the RC4 cryptographic protocol, but Apple has yet to...

0.5AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2005/08/01 12:0 a.m.20 views

FreeBSD : gnupg -- OpenPGP symmetric encryption vulnerability (8375a73f-01bf-11da-bc08-0001020eed82)

Serge Mister and Robert Zuccherato reports that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact : This attack, while very significant from a cryptographic point of view, is not generally effectiv...

5CVSS5.5AI score0.02946EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2005/02/08 12:0 a.m.31 views

gnupg -- OpenPGP symmetric encryption vulnerability

Serge Mister and Robert Zuccherato reports that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact: This attack, while very significant from a cryptographic point of view, is not generally effective...

5CVSS6.2AI score0.02946EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.33 views

Debian DSA-273-1 : krb4 - Cryptographic weakness

A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for...

7.5CVSS8.1AI score0.04284EPSS
Exploits0References3
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.35 views

CVE-2003-0078

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

5.9AI score0.13718EPSS
Exploits0References20
Debian CVE
Debian CVE
added 2004/09/01 4:0 a.m.28 views

CVE-2003-0078

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

5CVSS8.7AI score0.13718EPSS
Exploits0
Rows per page
Query Builder