237 matches found
F5 Networks BIG-IP : Nettle vulnerability (K45616155)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K45616155 advisory. - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion ...
Oracle Linux 6 : openssl (ELSA-2016-3558)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3558 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding...
Oracle Linux 7 : openssl (ELSA-2016-3556)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3556 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding...
Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the...
CVE-2023-2197
A flaw was found in HashiCorp Vault Enterprise, where it could allow a local authenticated attacker to obtain sensitive information caused by a flaw when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. By utilizing padding oracle attack techniques, an attacke...
EulerOS Virtualization 3.0.2.0 : shim-signed (EulerOS-SA-2023-1748)
According to the versions of the shim-signed packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would...
Design/Logic Flaw
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...
CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...
CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...
CVE-2023-2197
CVE-2023-2197 affects HashiCorp Vault Enterprise 1.13.0 to 1.13.1, where using an HSM with CBC-based encryption (CKM_AES_CBC_PAD or CKM_AES_CBC) enables a padding oracle condition. An attacker with storage-modification privileges and Vault restart capability could intercept or modify ciphertext t...
Debian: Security Advisory (DLA-364-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K39508724: TMM SSL/TLS virtual server vulnerability CVE-2016-6907
Security Advisory Description TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a "Vaudenay timing attack" aka 'Padding oracle attack.' CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms: The VIPRION B4450 blade and BIG-IP 2000 a...
K15388: OpenSSL vulnerability CVE-2011-4108
Security Advisory Description The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVE-2011-4108 Impact BIG-IP hosts may be...
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...
Slackware: Security Advisory (SSA:2018-339-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: OpenSSL vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
Summary Multiple OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL has internal defaults for a directo...
Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)
Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote...
EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2021-2758)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in a...
EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2021-2785)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in a...
SUSE SLES11 Security Update : openssl (SUSE-SU-2019:14249-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14249-1 advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very...