Lucene search
K

162 matches found

CNVD
CNVD
added 2017/07/05 12:0 a.m.3 views

Communication message decryption vulnerability exists in the Voyager Android app

The Voyager Android app is a mobile app for buying airline tickets. A communication message decryption vulnerability exists in the TravelSense Android app. The vulnerability stems from fixed-key hardcoding, which can be exploited by an attacker to crack the encryption algorithm and break other...

6.8AI score
Exploits0
Prion
Prion
added 2017/04/14 6:59 p.m.15 views

Design/Logic Flaw

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

5CVSS6.8AI score0.05007EPSS
Exploits0References8Affected Software6
RedHat Linux
RedHat Linux
added 2016/11/03 8:8 a.m.3 views

nettle: RSA/DSA code is vulnerable to cache-timing related attacks

It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance...

7.5CVSS7.4AI score0.05007EPSS
Exploits0References4
OSV
OSV
added 2016/10/28 3:59 p.m.8 views

CVE-2016-8871

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack...

6.2CVSS6.7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2016/05/12 12:0 a.m.46 views

Cisco Nexus 9000 Series Software Password Exposure Vulnerability (Cisco-SA-20150623-CVE-2015-4213)

A vulnerability in Cisco Nexus 9000 Series Software could allow an authenticated, remote attacker to expose passwords in plain text format. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

4CVSS6.7AI score0.02603EPSS
Exploits0References1
OSV
OSV
added 2016/04/19 9:59 p.m.1 views

DEBIAN-CVE-2015-7511

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations...

2CVSS9AI score0.00429EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/03/07 12:0 a.m.37 views

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

Binary data 801962.prm...

5.9CVSS7.3AI score0.82112EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2016/03/01 12:0 a.m.39 views

SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)

Binary data 9127.prm...

5.9CVSS7.3AI score0.82112EPSS
Exploits2References3
OSV
OSV
added 2016/01/15 8:59 p.m.2 views

CVE-2016-1910

The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...

5.3CVSS5.8AI score0.06817EPSS
Exploits5References5
Cvelist
Cvelist
added 2016/01/15 8:0 p.m.25 views

CVE-2016-1910

The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...

6.3AI score0.06817EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2015/12/04 12:0 a.m.5 views

PT-2018-2116

Name of the Vulnerable Software and Affected Versions Mbed TLS versions prior to 2.14.1 Mbed TLS versions prior to 2.7.8 Mbed TLS versions prior to 2.1.17 Description The issue is related to a local synchronization problem during RSA decryption in Mbed TLS, allowing a local unprivileged attacker ...

4.9CVSS5.8AI score0.00336EPSS
Exploits0References36
CNVD
CNVD
added 2015/11/10 12:0 a.m.3 views

IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...

2.6CVSS6.5AI score0.01014EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/11/08 10:0 p.m.34 views

CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

6.3AI score0.01014EPSS
Exploits0References2
CNVD
CNVD
added 2015/06/26 12:0 a.m.4 views

Cisco Nexus 9000 NX-OS Information Disclosure Vulnerability

Cisco NX-OS is an operating system that runs in the Nexus 9000 series devices. A security vulnerability in the Cisco NX-OS decryption mechanism on Cisco Nexus 9000 devices allows a remote attacker to obtain plaintext passwords...

4CVSS6.9AI score0.02603EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/09 12:0 a.m.1 views

Wireshark TLS/SSL Decryption Denial of Service Vulnerability

Wireshark is an open source network protocol analysis tool. A denial of service vulnerability exists in Wireshark TLS/SSL because it fails to properly handle certain types of packets. An attacker could exploit this vulnerability to crash the affected application and deny service to legitimate use...

5CVSS6.7AI score0.02775EPSS
Exploits0References1
myhack58
myhack58
added 2007/11/09 12:0 a.m.15 views

Security crisis crack USB disk encryption tool encryption principles-vulnerability warning-the black bar safety net

The use of U disk, mobile hard disk encryption tool encryption folder, I use file Sniffer tool also can't see the encrypted real files, when with a Duba scanning found, it seems like these files are hidden stored in/Thumbs. dn/7./ Where that 7. The 7 is sometimes other numbers, but I directly so...

7AI score
Exploits0
Prion
Prion
added 2007/07/03 6:30 p.m.18 views

Design/Logic Flaw

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...

5CVSS7.1AI score0.0176EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2006/04/26 12:6 a.m.17 views

Hardcoded credentials

iOpus Secure Email Attachments SEA, probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring...

2.1CVSS7AI score0.00361EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/04/26 12:0 a.m.44 views

CVE-2006-2036

CVE-2006-2036 affects iOpus Secure Email Attachments (SEA) 1.0. Root cause: improper handling of passwords that are repetitions of a substring, enabling an attacker to decrypt files by entering only the substring. Impact: partial confidentiality. No remediation details are provided in the supplie...

2.1CVSS6.5AI score0.00361EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2005/10/18 9:2 p.m.22 views

CVE-2005-3256

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...

5CVSS5.9AI score0.01782EPSS
Exploits0References2
Rows per page
Query Builder