299 matches found
CVE-2015-7824
Botan 1.11.x prior to 1.11.22 is vulnerable to a padding-oracle attack that makes it easier for remote attackers to decrypt TLS ciphertext when using TLS CBC ciphersuites. This is a remote/network issue affecting the Botan cryptographic library; exploitation is contingent on using an affected 1.1...
Code injection
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities
The version of Tenable Log Correlation Engine LCE installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting XSS vulnerabilities exist in the Handlebars library in the lib/handlebars/utils.js script due to a failur...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
Default credentials
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...
CVE-2016-6606
phpMyAdmin is affected by CVE-2016-6606 due to a padding oracle vulnerability in cookie-based encryption that could allow an attacker with access to a user’s browser cookie to decrypt the stored username and password. The issue also stems from reusing the same IV to hash the username and password...
Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)
The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVPEncodeUpdate function within file...
F5 BIG-IP - TMM SSL/TLS virtual server vulnerability CVE-2016-6907
TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if...
F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)
TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.'CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms : The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...
DLA-626-1 phpmyadmin - security update
Bulletin has no description...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
Design/Logic Flaw
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...
Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)
The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update CPU. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists in the X Server...
Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)
The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL component : - A heap buffer overflow condition exists in the EVPEncodeUpdate function within file crypto/evp/encode.c that ...
Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)
According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...
OpenSSL 1.0.1 < 1.0.1t / 1.0.2 < 1.0.2h Multiple Vulnerabilities
Binary data 9390.prm...