Lucene search
K

181 matches found

Ubuntu
Ubuntu
added 2017/05/09 2:16 p.m.128 views

USN-3279-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache modsessioncrypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. CVE-2016-0736 Maksim Malyutin discovered that the Apache modauthdigest module incorrectly...

7.5CVSS6.6AI score0.49024EPSS
Exploits4
Openbugbounty
Openbugbounty
added 2017/05/05 8:47 a.m.11 views

ecb.co.uk XSS vulnerability

Vulnerable URL: http://www.ecb.co.uk/search/node/'-confirmOPENBUGBOUNTY-'/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 146202 VIP website status:| No Coordinated Disclosure...

6.4AI score
Exploits0
n0where
n0where
added 2017/04/10 4:27 a.m.140 views

Automated Modular Cryptanalysis Tool: FeatherDuster

Automated Modular Cryptanalysis Tool FeatherDuster is a tool written by Daniel “unicornfurnace” Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and...

7.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/02/02 2:48 p.m.39 views

CVE-2017-2598

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3CVSS3.4AI score0.01098EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/01/31 12:0 a.m.32 views

Fedora 25 : python-crypto (2017-7c569d396b)

A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this...

9.8CVSS8.6AI score0.09501EPSS
Exploits1References2
Veracode
Veracode
added 2017/01/13 8:55 a.m.48 views

Unsafe Encryption Scheme

bouncycastle allows for the use of electronic code book ECB mode with Elliptical Curve Integrated Encryption Scheme ECIES. The use of ECB is generally unsafe because it is susceptible to replay attacks...

7.4CVSS7.5AI score0.02208EPSS
Exploits0References7Affected Software223
UbuntuCve
UbuntuCve
added 2016/12/22 12:0 a.m.57 views

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.1AI score0.49024EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2016/06/28 12:0 a.m.23 views

GLSA-201606-19 : kwalletd: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201606-19 kwalletd: Information disclosure Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact : Local attackers, with access to the password store, could conduct a codebo...

5CVSS5.5AI score0.02147EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2016/06/27 12:0 a.m.23 views

kwalletd: Information disclosure

Background Kwalletd is is a credentials management application for KDE. Description Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store. Impact Local attackers, with access to the password store, could conduct a codebook attack in order to obtain...

5CVSS6.4AI score0.02147EPSS
Exploits1
Apache Httpd
Apache Httpd
added 2016/01/20 12:0 a.m.144 views

Apache Httpd < 2.4.25 : Padding Oracle in Apache mod_session_crypto

Prior to Apache HTTP release 2.4.25, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks,...

7.5CVSS1.5AI score0.49024EPSS
Exploits4Affected Software1
NVD
NVD
added 2015/08/28 3:59 p.m.13 views

CVE-2015-2987

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

2.6CVSS6.3AI score0.00695EPSS
Exploits0References4
Prion
Prion
added 2015/08/28 3:59 p.m.16 views

Sql injection

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

2.6CVSS6.8AI score0.00695EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2015/08/28 3:59 p.m.39 views

CVE-2015-2987

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

2.6CVSS6.4AI score0.00695EPSS
Exploits0
OSV
OSV
added 2015/08/28 3:59 p.m.9 views

AZL-34660 CVE-2015-2987 affecting package ed for versions less than 1.20-1

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

2.6CVSS7.1AI score0.00695EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/08/28 2:0 p.m.21 views

CVE-2015-2987

Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits...

7.4AI score0.00695EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/03/24 12:0 a.m.21 views

openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)

KDE and QT were updated to fix security issues and bugs. The following vulerabilities were fixed : - CVE-2014-0190: Malformed GIF files could have crashed QT based applications - CVE-2015-0295: Malformed BMP files could have crashed QT based applications - CVE-2014-8600: Multiple cross-site...

5CVSS6.8AI score0.06311EPSS
Exploits3References10
OSV
OSV
added 2015/01/31 1:23 p.m.10 views

MGASA-2015-0044 Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs

Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack CVE-2013-7252. This...

5CVSS6.5AI score0.02147EPSS
Exploits1References7
Mageia
Mageia
added 2015/01/31 1:23 p.m.40 views

Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs

Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack CVE-2013-7252. This...

5CVSS2.8AI score0.02147EPSS
Exploits1References6
0day.today
0day.today
added 2015/01/20 12:0 a.m.157 views

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...

5CVSS6.7AI score0.17355EPSS
Exploits4
NVD
NVD
added 2015/01/18 6:59 p.m.19 views

CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

5CVSS6.3AI score0.02147EPSS
Exploits1References7
Rows per page
Query Builder