Lucene search
K

181 matches found

CVE
CVE
added 2018/06/04 9:0 p.m.139 views

CVE-2016-1000344

CVE-2016-1000344 : The vulnerability stems from the DHIES implementation in the Bouncy Castle JCE Provider (versions 1.55 and earlier) allowing ECB mode. IBM security bulletins note this BC vulnerability affecting IBM Sterling products (e.g., Sterling File Gateway and Sterling B2B Integrator) and...

7.4CVSS7.4AI score0.0219EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2018/06/04 9:0 p.m.23 views

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

6.5AI score0.0219EPSS
Exploits0References5
CVE
CVE
added 2018/06/04 9:0 p.m.130 views

CVE-2016-1000352

In CVE-2016-1000352, the Bouncy Castle JCE Provider (BC) up to version 1.55 allowed ECB mode in ECIES, which is insecure. Affected product: BC JCE Provider

7.4CVSS7.4AI score0.0219EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2018/06/04 9:0 p.m.35 views

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7.3AI score0.0219EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/06/04 9:0 p.m.32 views

CVE-2016-1000352

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7.3AI score0.0219EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/06/04 12:0 a.m.5 views

PT-2018-4638 · Bouncy Castle +2 · Bouncy Castle Jce Provider +2

Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the use of ECB mode in the DHIES implementation, which is considered unsafe. Support for this mode has been removed from the provider. Recommendations: For...

9.8CVSS6.5AI score0.24282EPSS
Exploits1References63
UbuntuCve
UbuntuCve
added 2018/05/23 1:29 p.m.22 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3CVSS6.3AI score0.01098EPSS
Exploits0References2
NVD
NVD
added 2018/05/23 1:29 p.m.22 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3CVSS4.5AI score0.01098EPSS
Exploits0References4
Prion
Prion
added 2018/05/23 1:29 p.m.20 views

Design/Logic Flaw

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4CVSS4.8AI score0.01098EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/05/23 1:29 p.m.19 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3CVSS4.9AI score0.01098EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/05/23 1:0 p.m.25 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3CVSS4.7AI score0.01098EPSS
Exploits0References4
CVE
CVE
added 2018/05/23 1:0 p.m.96 views

CVE-2017-2598

CVE-2017-2598 : Jenkins prior to 2.44 and 2.32.2 uses AES ECB without an IV to encrypt secrets, enabling potential exposure of stored secrets. The description explicitly ties this to Jenkins and the handling of secrets; no exploitation details are provided in the supplied documents. The available...

4.3CVSS4.5AI score0.01098EPSS
Exploits0References4Affected Software1
ThreatPost
ThreatPost
added 2018/05/07 6:54 p.m.16 views

Variant of SynAck Malware Adopts Doppelgänging Technique

Researchers have identified a new variant of the SynAck ransomware that is now using the newly identified Process Doppelgänging to slip past antivirus programs. Researchers said this is the first ransomware seen in the wild to employ the approach. Both SynAck ransomware and Process Doppelgänging...

0.2AI score
Exploits0References2
The Hacker News
The Hacker News
added 2018/05/07 12:30 p.m.111 views

First-Ever Ransomware Found Using 'Process Doppelgänging' Attack to Evade Detection

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated...

7.5AI score
Exploits0
Prion
Prion
added 2017/12/11 9:29 p.m.17 views

Path traversal

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

4.3CVSS5.8AI score0.00832EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/12/11 9:0 p.m.49 views

CVE-2017-8867

The CVE-2017-8867 entry covers CogniToys Dino smart toys (firmware up to 0.0.794). Affected component: voice traffic encryption uses AES-128 in ECB mode, which the documents state can be mapped to an AES key index, enabling eavesdropping on privacy-sensitive voice communications. Root cause is th...

5.9CVSS5.8AI score0.00832EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/07/27 9:29 p.m.38 views

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.5AI score0.49024EPSS
Exploits4References27
Prion
Prion
added 2017/07/27 9:29 p.m.43 views

Code injection

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

5CVSS6.7AI score0.49024EPSS
Exploits4References27Affected Software1
Debian CVE
Debian CVE
added 2017/07/27 9:0 p.m.76 views

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.6AI score0.49024EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2017/05/10 12:0 a.m.130 views

Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerabilities (USN-3279-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3279-1 advisory. It was discovered that the Apache modsessioncrypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker...

7.5CVSS6.3AI score0.49024EPSS
Exploits4References4
Rows per page
Query Builder