Lucene search
+L

299 matches found

phpMyAdmin
phpMyAdmin
added 2016/07/07 12:0 a.m.74 views

Weakness with cookie encryption

PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker...

8.1CVSS7.2AI score0.01386EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/07/06 12:0 a.m.64 views

Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...

10CVSS8.6AI score0.89058EPSS
Exploits7Affected Software61
Tenable Nessus
Tenable Nessus
added 2016/05/27 12:0 a.m.182 views

Citrix XenServer Multiple Vulnerabilities (CTX212736)

The version of Citrix XenServer running on the remote host is affected by multiple vulnerabilities in the bundled versions of OpenSSL and QEMU : - Multiple flaws exist in the bundled version of OpenSSL in the aesnicbchmacsha1cipher and aesnicbchmacsha256cipher functions that are triggered when th...

10CVSS9AI score0.89058EPSS
Exploits7References5
OpenVAS
OpenVAS
added 2016/05/09 12:0 a.m.268 views

Mageia: Security Advisory (MGASA-2016-0169)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.6AI score0.89058EPSS
Exploits6References4
OSV
OSV
added 2016/05/07 9:22 p.m.15 views

MGASA-2016-0169 Updated openssl packages fix security vulnerability

An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption CVE-2016-2105. An overflow can occur in the EVPEncryptUpdate...

7.8CVSS6.9AI score0.89058EPSS
Exploits6References3
Prion
Prion
added 2016/05/05 1:59 a.m.37 views

Design/Logic Flaw

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

2.6CVSS7.8AI score0.89058EPSS
Exploits7References58Affected Software15
Cisco
Cisco
added 2016/05/04 7:30 p.m.80 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...

7.8AI score
Exploits0References1
ArchLinux
ArchLinux
added 2016/05/04 12:0 a.m.70 views

openssl: multiple issues

CVE-2016-2105 buffer overflow: An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the...

7.8CVSS1.1AI score0.89058EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.51 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-2959-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2959-1 advisory. Huzaifa Sidhpurwala, Hanno Bck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remot...

10CVSS8.2AI score0.89058EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.84 views

OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1t advisory. - The X509NAMEoneline function in crypto/x509/x509obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...

8.2CVSS7.3AI score0.89058EPSS
Exploits6References11
CNVD
CNVD
added 2016/05/04 12:0 a.m.6 views

OpenSSL Cipher Stuffing Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. OpenSSL suffers fr...

5.9CVSS7.4AI score0.89058EPSS
Exploits6References1
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.48 views

Amazon Linux AMI : openssl (ALAS-2016-695)

A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. CVE-2016-2107 , Important It was discovered that the ASN.1 parser can misinterpret a large universal t...

10CVSS7.7AI score0.89058EPSS
Exploits7References6
OpenVAS
OpenVAS
added 2016/05/04 12:0 a.m.55 views

Ubuntu: Security Advisory (USN-2959-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.6AI score0.89058EPSS
Exploits7References2
ThreatPost
ThreatPost
added 2016/05/03 12:17 p.m.50 views

OpenSSL Patches Padding Oracle Attack Bug

The latest batch of OpenSSL security patches were released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h. One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the...

2.6CVSS0.8AI score0.89058EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2016/04/22 12:0 a.m.56 views

MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (DROWN)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.30. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote...

10CVSS7.8AI score0.82112EPSS
Exploits2References19
Prion
Prion
added 2016/04/07 9:59 p.m.23 views

Code injection

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

4.3CVSS4.3AI score0.99999EPSS
Exploits7References8Affected Software3
NVD
NVD
added 2016/04/07 9:59 p.m.12 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS4.4AI score0.01899EPSS
Exploits0References8
OSV
OSV
added 2016/04/07 9:59 p.m.9 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS4.2AI score
Exploits0References8
myhack58
myhack58
added 2016/03/09 12:0 a.m.16 views

Technology sharing: the CBC, Padding Oracle attack re-interpretation, how to break HTTPS-bug warning-the black bar safety net

Why is a re-interpretation? Now about the Padding Oracle attack presentation, the better the articles including the content, are taken from this article in foreign languages. However, the text in the discussion a key issue of how to confirm the Padding bits, and no mention, which makes many puris...

7.2AI score
Exploits0
OSV
OSV
added 2016/03/02 11:59 a.m.11 views

CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

5.9CVSS6.3AI score
Exploits0References29
Rows per page
Query Builder