Lucene search
+L

299 matches found

CVE
CVE
added 2017/04/10 3:0 p.m.43 views

CVE-2015-7824

Botan 1.11.x prior to 1.11.22 is vulnerable to a padding-oracle attack that makes it easier for remote attackers to decrypt TLS ciphertext when using TLS CBC ciphersuites. This is a remote/network issue affecting the Botan cryptographic library; exploitation is contingent on using an affected 1.1...

7.5CVSS7.4AI score0.01686EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/03/23 8:59 p.m.19 views

Code injection

Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

3.5CVSS3.9AI score0.99999EPSS
Exploits7References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2017/03/22 12:0 a.m.119 views

Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities

The version of Tenable Log Correlation Engine LCE installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting XSS vulnerabilities exist in the Handlebars library in the lib/handlebars/utils.js script due to a failur...

10CVSS8.2AI score0.89058EPSS
Exploits21References30
OSV
OSV
added 2016/12/11 2:59 a.m.21 views

CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

8.1CVSS6.8AI score
Exploits0References4
Prion
Prion
added 2016/12/11 2:59 a.m.21 views

Default credentials

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

5CVSS6.6AI score0.01386EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2016/12/11 2:59 a.m.31 views

CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

8.1CVSS7.2AI score0.01386EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/12/11 2:0 a.m.24 views

CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

8.7AI score0.01386EPSS
Exploits0References4
CVE
CVE
added 2016/12/11 2:0 a.m.134 views

CVE-2016-6606

phpMyAdmin is affected by CVE-2016-6606 due to a padding oracle vulnerability in cookie-based encryption that could allow an attacker with access to a user’s browser cookie to decrypt the stored username and password. The issue also stems from reusing the same IV to hash the username and password...

8.1CVSS8.5AI score0.01386EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/10/20 12:0 a.m.59 views

Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVPEncodeUpdate function within file...

8.2CVSS7.7AI score0.89058EPSS
Exploits6References26
OpenVAS
OpenVAS
added 2016/09/30 12:0 a.m.27 views

F5 BIG-IP - TMM SSL/TLS virtual server vulnerability CVE-2016-6907

TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if...

5.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/09/28 12:0 a.m.54 views

F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)

TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.'CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms : The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...

5.4AI score
Exploits0References2
OSV
OSV
added 2016/09/17 12:0 a.m.46 views

DLA-626-1 phpmyadmin - security update

Bulletin has no description...

9.8CVSS6.4AI score0.0475EPSS
Exploits0
NVD
NVD
added 2016/09/08 4:59 p.m.21 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

4.3CVSS4AI score0.01647EPSS
Exploits0References4
Prion
Prion
added 2016/09/08 4:59 p.m.18 views

Design/Logic Flaw

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

4.3CVSS6.7AI score0.01647EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/09/08 4:0 p.m.29 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

3.9AI score0.01647EPSS
Exploits0References4
Mageia
Mageia
added 2016/08/31 3:32 p.m.40 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...

10CVSS0.6AI score0.0475EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2016/07/25 12:0 a.m.60 views

Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)

The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update CPU. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists in the X Server...

10CVSS8.3AI score0.89058EPSS
Exploits6References10
Tenable Nessus
Tenable Nessus
added 2016/07/20 12:0 a.m.53 views

Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)

The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL component : - A heap buffer overflow condition exists in the EVPEncodeUpdate function within file crypto/evp/encode.c that ...

8.2CVSS7.2AI score0.89058EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2016/07/14 12:0 a.m.213 views

Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...

10CVSS8.7AI score0.89058EPSS
Exploits7References17
Tenable Nessus
Tenable Nessus
added 2016/07/08 12:0 a.m.21 views

OpenSSL 1.0.1 < 1.0.1t / 1.0.2 < 1.0.2h Multiple Vulnerabilities

Binary data 9390.prm...

8.2CVSS7.3AI score0.89058EPSS
Exploits6References8
Rows per page
Query Builder