Lucene search
+L

299 matches found

Veracode
Veracode
added 2019/11/19 6:49 a.m.27 views

Padding Oracle Attack

Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...

7.5CVSS4.5AI score0.09101EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.38 views

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

5.9CVSS6.6AI score0.12154EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.68 views

EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2254)

According to the versions of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...

4.7CVSS6.7AI score0.03838EPSS
Exploits0References3
Hacker One
Hacker One
added 2019/11/03 4:23 a.m.34 views

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████

Description We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████ Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879 This vulnerability is rated critical, and may allow unauthenticated attacker with network access via HTTP to compromise Oracle...

6.8CVSS0.4AI score0.22154EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/22 4:17 a.m.55 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...

5.9CVSS1.7AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:36 a.m.42 views

Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics

Summary Open Source OpenSSL is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA...

5.9CVSS0.7AI score0.17139EPSS
Exploits0Affected Software1
Prion
Prion
added 2019/09/30 10:15 p.m.18 views

Design/Logic Flaw

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...

5CVSS7.3AI score0.00639EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/09/30 9:48 p.m.27 views

CVE-2019-3730

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...

5.9CVSS7.3AI score0.00639EPSS
Exploits0References1
CVE
CVE
added 2019/09/30 9:48 p.m.108 views

CVE-2019-3730

Dell RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are affected by an Information Exposure Through an Error Message vulnerability (padding oracle). A remote attacker could potentially exploit this to extract sensitive information, per CVE...

7.5CVSS7.3AI score0.00639EPSS
Exploits0References1Affected Software1
Debian
Debian
added 2019/09/25 9:56 p.m.67 views

[SECURITY] [DLA 1932-1] openssl security update

Package : openssl Version : 1.0.1t-1+deb8u12 CVE ID : CVE-2019-1547 CVE-2019-1563 Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths...

4.7CVSS6.5AI score0.03838EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/09/10 5:15 p.m.39 views

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS6.7AI score0.03838EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2019/09/10 4:58 p.m.51 views

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS6.4AI score0.03838EPSS
Exploits0
CVE
CVE
added 2019/09/10 4:58 p.m.407 views

CVE-2019-1563

CVE-2019-1563 describes a Bleichenbacher padding oracle vulnerability in OpenSSL. The issue allows an attacker, after sending a large number of ciphertexts for decryption, to recover the CMS/PKCS7 encryption key or decrypt RSA-encrypted data when the attacker can observe decryption success/failur...

4.3CVSS5.5AI score0.03838EPSS
Exploits0References30Affected Software1
AlpineLinux
AlpineLinux
added 2019/09/10 4:58 p.m.63 views

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS5.5AI score0.03838EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/08/23 12:0 a.m.37 views

OpenSSL 1.1.0 < 1.1.0l Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0l advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, aft...

4.7CVSS6.6AI score0.03838EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2019/08/23 12:0 a.m.99 views

OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, aft...

4.7CVSS6.6AI score0.03838EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/21 6:20 a.m.36 views

Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559)

Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain...

5.9CVSS0.7AI score0.17139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/21 7:45 p.m.51 views

Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability

Summary IBM Security Guardium is aware of the following vulnerability Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-leng...

5.9CVSS1.5AI score0.17139EPSS
Exploits0Affected Software1
IBM AIX
IBM AIX
added 2019/04/16 10:48 a.m.687 views

There is a vulnerability in OpenSSL used by AIX.

IBM SECURITY ADVISORY First Issued: Tue Apr 16 10:48:55 CDT 2019 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory30.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory30.asc...

5.9CVSS6.3AI score0.17139EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/05 11:50 a.m.50 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...

5.9CVSS0.6AI score0.17139EPSS
Exploits0Affected Software1
Rows per page
Query Builder