Lucene search
K

181 matches found

OSV
OSV
added 2018/09/13 2:29 p.m.5 views

CVE-2018-5548

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts...

6.1CVSS5.8AI score0.01445EPSS
Exploits1References3
CVE
CVE
added 2018/09/13 2:0 p.m.70 views

CVE-2018-5548

CVE-2018-5548 affects BIG-IP APM. The connected F5 advisory confirms an insecure AES ECB mode is used for the orig_uri parameter in an undisclosed /vdesk link of an APM virtual server with an access profile. This enables an attacker with a valid APM session to forge a redirect URL by manipulating...

6.1CVSS6.2AI score0.01445EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/09/13 2:0 p.m.31 views

CVE-2018-5548

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts...

6.3AI score0.01445EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2018/09/11 7:53 a.m.3 views

bouncycastle: DHIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7.2AI score0.0219EPSS
Exploits0References4
Veracode
Veracode
added 2018/08/20 7:37 a.m.18 views

Integer Overflow

pycryptodome is vulnerable to integer overflows. The library does not properly check if it is decrypting any incomplete blocks, allowing a malicious user to pass a message encrypted in AES with the ECB mode, causing the application to crash...

7.5CVSS7.4AI score0.0174EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/08/20 12:29 a.m.15 views

CVE-2018-15560

PyCryptodome before 3.6.6 has an integer overflow in the datalen variable in AESNI.c, related to the AESNIencrypt and AESNIdecrypt functions, leading to the mishandling of messages shorter than 16 bytes...

7.5CVSS7.1AI score0.0174EPSS
Exploits1References3
Kitploit
Kitploit
added 2018/06/20 10:39 p.m.17 views

Crypto Identifier - Tool To Uncipher Data Using Multiple Algorithms And Block Chaining Modes

Crypto tool for pentest and ctf : try to uncipher data using multiple algorithms and block chaining modes. Usefull for a quick check on unknown cipher text and key dictionary. Supported Algorithms : AES ARC2 ARC4 Blowfish CAST DES DES3 XOR Supported modes : ECB CBC CFB OFB Usage: python...

7.3AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:49 p.m.27 views

Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879)

Summary The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Outdated/broken algorithms are MD4, MD5, SHA1, DES, ECB, RC4, Export ciphers, SSLv2, SSLv3, DH using keys less than 1024 Vulnerability Details CVEID: CVE-2016-2879...

7.8CVSS0.4AI score0.00209EPSS
Exploits0Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/14 12:7 p.m.97 views

Security update for bouncycastle (moderate)

This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...

4.3CVSS1.1AI score0.24282EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2018/06/08 12:0 a.m.40 views

ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution

The ClassLink OneClick Browser Extension and the ClassLink Agent are vulnerable to Universal XSS and Remote Code Execution. Vendor has released software updates to fix both vulnerabilities on 3 June 2018. === Vendor === ClassLink: https://www.classlink.com === Vulnerability 1: Universal XSS throu...

0.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2018/06/04 9:29 p.m.31 views

CVE-2016-1000352

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.9AI score0.0219EPSS
Exploits0References1
Prion
Prion
added 2018/06/04 9:29 p.m.26 views

Design/Logic Flaw

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

5.8CVSS6.9AI score0.0219EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2018/06/04 9:29 p.m.35 views

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.9AI score0.0219EPSS
Exploits0References1
NVD
NVD
added 2018/06/04 9:29 p.m.29 views

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.6AI score0.0219EPSS
Exploits0References5
NVD
NVD
added 2018/06/04 9:29 p.m.21 views

CVE-2016-1000352

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.6AI score0.0219EPSS
Exploits0References5
OSV
OSV
added 2018/06/04 9:29 p.m.5 views

UBUNTU-CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7AI score0.0219EPSS
Exploits0References2
OSV
OSV
added 2018/06/04 9:29 p.m.2 views

DEBIAN-CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS9.4AI score0.0219EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 9:29 p.m.22 views

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS8.6AI score
Exploits0References5
OSV
OSV
added 2018/06/04 9:29 p.m.9 views

CVE-2016-1000352

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS8.6AI score
Exploits0References5
CVE
CVE
added 2018/06/04 9:0 p.m.129 views

CVE-2016-1000352

In CVE-2016-1000352, the Bouncy Castle JCE Provider (BC) up to version 1.55 allowed ECB mode in ECIES, which is insecure. Affected product: BC JCE Provider

7.4CVSS7.4AI score0.0219EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder