Lucene search
+L

299 matches found

Tenable Nessus
Tenable Nessus
added 2019/03/04 12:0 a.m.89 views

Debian DLA-1701-1 : openssl security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application...

5.9CVSS6.2AI score0.17139EPSS
Exploits0References3
Veracode
Veracode
added 2019/03/01 1:32 a.m.33 views

Padding Oracle Attack

openssl is vulnerable to padding oracle attacks. In the event of a fatal protocol error and SSLshutdown is called twice, an attacker is able to perform a padding oracle attack to decrypt data by sending a 0 byte record with invalid padding, causing the application to behave differently due to...

5.9CVSS6.1AI score0.17139EPSS
Exploits0References41Affected Software12
Tenable Nessus
Tenable Nessus
added 2019/03/01 12:0 a.m.34 views

Debian DSA-4400-1 : openssl1.0 - security update

Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4400. The text itself is copyright C Software in the Public...

5.9CVSS6.3AI score0.17139EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/02/28 12:0 a.m.52 views

Ubuntu: Security Advisory (USN-3899-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.7AI score0.17139EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 9:17 a.m.50 views

Padding Oracle Attack

httpd is vulnerable to padding oracle attack. It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a...

7.5CVSS7.3AI score0.49024EPSS
Exploits4References46Affected Software4
Github Security Blog
Github Security Blog
added 2018/10/18 6:4 p.m.64 views

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS3.7AI score0.02618EPSS
Exploits0References9Affected Software3
OSV
OSV
added 2018/10/16 7:58 p.m.24 views

GHSA-GR4C-5RQ6-CGH3 OPC UA applications can allow a remote attacker to determine a Server's private key

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

5.3CVSS5.6AI score0.01581EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2018/10/16 7:58 p.m.47 views

OPC UA applications can allow a remote attacker to determine a Server's private key

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

5.3CVSS3.9AI score0.01581EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/10/10 12:0 a.m.29 views

FreeBSD : tinc -- Buffer overflow (a4eb38ea-cc06-11e8-ada4-408d5cf35399)

tinc-vpn.org reports : The authentication protocol allows an oracle attack that could potentially be exploited. If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period. C Tenable Network Security,...

5.9CVSS5.2AI score0.01472EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2018/10/08 12:0 a.m.494 views

tinc -- Buffer overflow

tinc-vpn.org reports: The authentication protocol allows an oracle attack that could potentially be exploited. If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period...

3.3AI score
Exploits0References2
NVD
NVD
added 2018/08/21 1:29 p.m.26 views

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

5.9CVSS6.2AI score0.01045EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/07/09 12:0 a.m.45 views

Debian DLA-1418-1 : bouncycastle security update

Several security vulnerabilities were found in Bouncy Castle, a Java implementation of cryptographic algorithms. CVE-2016-1000338 DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have...

7.5CVSS6.3AI score0.032EPSS
Exploits0References9
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/14 12:7 p.m.102 views

Security update for bouncycastle (moderate)

This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...

4.3CVSS1.1AI score0.24282EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2018/06/14 12:0 a.m.48 views

openSUSE Security Update : bouncycastle (openSUSE-2018-628)

This update for bouncycastle to version 1.59 fixes the following issues : These security issues were fixed : - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite usin...

7.5CVSS6.5AI score0.24282EPSS
Exploits0References22
Prion
Prion
added 2018/06/13 6:29 p.m.14 views

Code injection

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

3.5CVSS5.5AI score0.01581EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2018/06/13 6:29 p.m.24 views

CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

5.3CVSS5.7AI score0.01581EPSS
Exploits0References4
OSV
OSV
added 2018/06/13 6:29 p.m.23 views

CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

5.3CVSS7.3AI score0.01581EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/06/13 6:0 p.m.31 views

CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

5.3AI score0.01581EPSS
Exploits0References4
Prion
Prion
added 2018/06/04 9:29 p.m.27 views

Code injection

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

4.3CVSS6.7AI score0.02618EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2018/06/04 9:29 p.m.27 views

CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS5.9AI score0.02618EPSS
Exploits0References7
Rows per page
Query Builder