Lucene search
K

265 matches found

Cvelist
Cvelist
added 2016/05/09 10:0 a.m.25 views

CVE-2016-2461

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...

7AI score0.00455EPSS
Exploits0References3
CVE
CVE
added 2016/05/09 10:0 a.m.48 views

CVE-2016-2462

Summary (CVE-2016-2462) : In Android 6.x, the Conscrypt/OpenSSL binding (OpenSSLCipher.java) mishandled updates to the AAD array, enabling possible spoofing of message authentication via unspecified vectors (internal bug 27371173). This is a local/authenticated context issue due to the cipher sta...

7.6CVSS7AI score0.00391EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/05/09 10:0 a.m.51 views

CVE-2016-2461

CVE-2016-2461 affects OpenSSLCipher.java in Conscrypt on Android 6.x. The issue arises from mishandling resets of the AAD array, allowing a local attacker to spoof message authentication via unspecified vectors (internal bugs 27324690, 27696681). The vulnerability is tied to Conscrypt in the Andr...

7.6CVSS7.1AI score0.00455EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/05/09 10:0 a.m.24 views

CVE-2016-2462

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...

6.9AI score0.00391EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/04/29 12:0 a.m.25 views

CVE-2016-1550

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...

5.3CVSS6.8AI score0.03634EPSS
Exploits1References4
OSV
OSV
added 2016/04/29 12:0 a.m.3 views

UBUNTU-CVE-2016-1550

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...

5.3CVSS6.8AI score0.03634EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2016/04/28 12:0 a.m.5 views

PT-2016-4857 · Ntp +8 · Ntp +10

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8p4 NTPSec version a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Description: An issue exists in the message authentication functionality of libntp, allowing an attacker to send crafted messages in an attempt to recover the messag...

9.8CVSS6.5AI score0.97549EPSS
Exploits59References218
OSV
OSV
added 2016/04/27 5:59 p.m.3 views

DEBIAN-CVE-2016-2085

The evmverifyhmac function in security/integrity/evm/evmmain.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack...

5.5CVSS7.1AI score0.00442EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2016/02/15 2:59 a.m.3 views

CVE-2015-5012

The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via...

7.5CVSS5.6AI score0.01552EPSS
Exploits0References4
Cent OS
Cent OS
added 2015/11/30 7:45 p.m.123 views

ntp, ntpdate, sntp security update

CentOS Errata and Security Advisory CESA-2015:2231 Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

7.5CVSS6.9AI score0.06135EPSS
Exploits0References7
CNVD
CNVD
added 2015/10/22 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Communications Applications (CNVD-2015-06825)

Oracle Communications Applications is the United States Oracle Oracle company's set of communications middleware. An unspecified vulnerability exists in Oracle Communications Applications 10.2.0 and earlier versions. The vulnerability allows remote attackers to compromise confidentiality,...

10CVSS6.8AI score0.03092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2015/09/18 5:35 a.m.6 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5CVSS5.9AI score0.03099EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/13 12:0 a.m.3 views

Fortinet FortiOS Input Validation Vulnerability

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. A security...

5CVSS6.7AI score0.02089EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/07/15 12:0 a.m.41 views

Cisco ASA Message Authentication Code Vulnerability (Cisco-SA-20150714-CVE-2015-4458)

Cisco ASA is prone to a Message Authentication Code checking vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

4.3CVSS6.8AI score0.00982EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/07/14 12:0 a.m.8 views

PT-2015-1639 · Cisco +1 · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software version 9.15.21 Description: The issue is related to the TLS implementation in the Cavium cryptographic-module firmware, which does not verify the MAC field. This allows man-in-the-middle attacke...

4.3CVSS5.8AI score0.00982EPSS
Exploits0References5
OSV
OSV
added 2015/04/08 12:0 a.m.10 views

UBUNTU-CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

1.8CVSS6.7AI score0.02219EPSS
Exploits0References4
securityvulns
securityvulns
added 2015/04/08 12:0 a.m.84 views

ntpd restrictions bypass

message authentication code implementation is invalid and can be bypasses...

4.3CVSS2.8AI score0.02219EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2013/05/22 6:33 p.m.14 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/05/20 2:27 p.m.10 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/05/14 5:49 p.m.7 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
Rows per page
Query Builder