Lucene search
+L

299 matches found

Tenable Nessus
Tenable Nessus
added 2016/01/25 12:0 a.m.124 views

Debian DLA-400-1 : pound security update (BEAST) (POODLE)

This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and...

9.8CVSS7.5AI score0.99999EPSS
Exploits26References6
Tenable Nessus
Tenable Nessus
added 2015/12/10 12:0 a.m.35 views

Debian DLA-364-1 : gnutls26 security update

Hanno Bck discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validated the first padding byte in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. For Debian 6 'Squeeze', this issue has been fixed in gnutls...

5.9CVSS6AI score0.01685EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/12/01 12:0 a.m.36 views

Debian Security Advisory DSA 3408-1 (gnutls26 - security update)

It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. OpenVAS Vulnerability Test $Id: deb3408.nasl 6609 2017-07-0...

0.01685EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/12/01 12:0 a.m.13 views

Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-2821-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2821-1 advisory. It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding...

5.7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2015/12/01 12:0 a.m.14 views

Ubuntu: Security Advisory (USN-2821-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Ubuntu
Ubuntu
added 2015/11/30 8:4 p.m.37 views

USN-2821-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack...

5.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2015/11/30 12:0 a.m.27 views

Debian: Security Advisory (DSA-3408-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.7AI score0.01685EPSS
Exploits0References3
NVD
NVD
added 2015/11/08 10:59 p.m.23 views

CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

2.6CVSS6.3AI score0.01014EPSS
Exploits0References2
Prion
Prion
added 2015/11/08 10:59 p.m.20 views

Code injection

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

2.6CVSS6.8AI score0.01014EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/11/08 10:0 p.m.37 views

CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...

6.3AI score0.01014EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.41 views

Amazon Linux: Security Advisory (ALAS-2015-471)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS5.6AI score0.99999EPSS
Exploits12References2
Prion
Prion
added 2015/08/03 1:59 a.m.16 views

Security feature bypass

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566...

4.3CVSS3.8AI score0.99999EPSS
Exploits7References3Affected Software1
Positive Technologies
Positive Technologies
added 2015/05/05 12:0 a.m.6 views

PT-2016-3603 · Erlang +1 · Erlang/Otp +1

Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions prior to 18.0-rc1 Description: The issue makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of the POODLE attack. This occurs because Erlang/OTP does not properl...

9.8CVSS6AI score0.22098EPSS
Exploits1References30
RedHat Linux
RedHat Linux
added 2015/03/23 8:50 p.m.5 views

openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...

5.9CVSS6.8AI score0.06903EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2015/01/27 12:0 a.m.36 views

CentOS Update for java CESA-2015:0085 centos7

Check the version of java SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882104";...

10CVSS6.3AI score0.06877EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2015/01/23 12:0 a.m.69 views

jdk7-openjdk: multiple issues

CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6585 out-of-bounds read Allows remote attackers to affect confidentiality via font parsing...

10CVSS7.1AI score0.99999EPSS
Exploits12References17
Tenable Nessus
Tenable Nessus
added 2015/01/23 12:0 a.m.47 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-471) (POODLE)

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. CVE-2014-6601 Multiple improper permission check issues were discovered in the JAX-WS, and...

10CVSS6.7AI score0.99999EPSS
Exploits12References13
OpenVAS
OpenVAS
added 2015/01/23 12:0 a.m.31 views

CentOS Update for java CESA-2015:0069 centos6

Check the version of java SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882097";...

6.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/01/22 12:0 a.m.50 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150121) (POODLE)

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. CVE-2014-6601 Multiple improper permission check issues were discovered in the JAX-WS, and...

10CVSS6.8AI score0.99999EPSS
Exploits12References13
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.53 views

Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)

The remote Solaris system is missing necessary patches to address security updates : - Memory leak in d1srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted handshake message. CVE-2014-3513 - The SSL...

7.1CVSS6.4AI score0.99999EPSS
Exploits7References6
Rows per page
Query Builder