Lucene search
K

237 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.21 views

F5 Networks BIG-IP : Nettle vulnerability (K45616155)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K45616155 advisory. - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion ...

5.7CVSS5.5AI score0.01495EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.26 views

Oracle Linux 6 : openssl (ELSA-2016-3558)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3558 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding...

10CVSS7.7AI score0.89058EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.16 views

Oracle Linux 7 : openssl (ELSA-2016-3556)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3556 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding...

10CVSS7.8AI score0.89058EPSS
Exploits8References8
The Hacker News
The Hacker News
added 2023/08/10 11:14 a.m.34 views

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the...

6.4AI score0.01091EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2023/05/15 9:21 a.m.31 views

CVE-2023-2197

A flaw was found in HashiCorp Vault Enterprise, where it could allow a local authenticated attacker to obtain sensitive information caused by a flaw when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. By utilizing padding oracle attack techniques, an attacke...

2.5CVSS6AI score0.00086EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/05/07 12:0 a.m.24 views

EulerOS Virtualization 3.0.2.0 : shim-signed (EulerOS-SA-2023-1748)

According to the versions of the shim-signed packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would...

7.8CVSS7.5AI score0.70561EPSS
Exploits2References8
Prion
Prion
added 2023/05/01 8:15 p.m.19 views

Design/Logic Flaw

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

1CVSS3.8AI score0.00086EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/05/01 7:41 p.m.29 views

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5CVSS5.7AI score0.00086EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/05/01 7:41 p.m.10 views

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5CVSS3.4AI score0.00086EPSS
Exploits0References2
CVE
CVE
added 2023/05/01 7:41 p.m.241 views

CVE-2023-2197

CVE-2023-2197 affects HashiCorp Vault Enterprise 1.13.0 to 1.13.1, where using an HSM with CBC-based encryption (CKM_AES_CBC_PAD or CKM_AES_CBC) enables a padding oracle condition. An attacker with storage-modification privileges and Vault restart capability could intercept or modify ciphertext t...

2.5CVSS3.3AI score0.00086EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.19 views

Debian: Security Advisory (DLA-364-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.8AI score0.01685EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.41 views

K39508724: TMM SSL/TLS virtual server vulnerability CVE-2016-6907

Security Advisory Description TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a "Vaudenay timing attack" aka 'Padding oracle attack.' CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms: The VIPRION B4450 blade and BIG-IP 2000 a...

6.5AI score
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 6:50 p.m.30 views

K15388: OpenSSL vulnerability CVE-2011-4108

Security Advisory Description The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVE-2011-4108 Impact BIG-IP hosts may be...

4.3CVSS7.7AI score0.15757EPSS
Exploits0Affected Software13
Github Security Blog
Github Security Blog
added 2022/07/13 12:0 a.m.48 views

Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS5.6AI score0.00521EPSS
Exploits0References5Affected Software5
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.13 views

Slackware: Security Advisory (SSA:2018-339-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.7CVSS6AI score0.01495EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 8:10 p.m.31 views

Security Bulletin: OpenSSL vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL has internal defaults for a directo...

5.3CVSS5.4AI score0.06232EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.57 views

Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)

Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote...

5.9CVSS5.9AI score0.17139EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.31 views

EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2021-2758)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in a...

7.5CVSS7.2AI score0.78675EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.34 views

EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2021-2785)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in a...

7.5CVSS7.2AI score0.78675EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.256 views

SUSE SLES11 Security Update : openssl (SUSE-SU-2019:14249-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14249-1 advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very...

4.3CVSS6.4AI score0.03838EPSS
Exploits0References4
Rows per page
Query Builder