15 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-28490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified i...
EUVD-2017-2315
Malware in sbrugna...
EUVD-2019-16045
Malware in sbrugna...
EUVD-2022-0971
Malicious code in bioql PyPI...
CVE-2024-45384
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...
PT-2024-40973 · Unknown · Magiccrypt
Name of the Vulnerable Software and Affected Versions: MagicCrypt affected versions not specified Description: The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data. Specifically, MagicCrypt64 uses the insecure DES block ciph...
Azure Storage SDK でのクライアントサイド暗号化におけるパディング オラクル の脆弱性を軽減
本ブログは、Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability の抄訳版です。最新の情報は原文を参照してください。...
Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability
Summary: Google informed Microsoft under Coordinated Vulnerability Disclosure CVD of a padding oracle vulnerability that may affect customers using Azure Storage SDK for Python, .NET, Java client-side encryption CVE-2022-30187. To mitigate this vulnerability, we released a new General Availabilit...
GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...
CVE-2020-8911
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...
CVE-2019-6485
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....
Apache-mod_session_crypto module in the Padding Oracle vulnerability analysis-vulnerability warning-the black bar safety net
Recently, security researchers at theWeb serverApache modsessioncrypto module found a Padding Oracle vulnerability. An attacker can exploit this vulnerability to decrypt the session data, and even can be used to specify the data to be encrypted. Vulnerability details Product: Apache HTTP Server...
用友某重要站点Padding Oracle Vulnerability漏洞可登陆内部系统
简要描述: 用友某重点站点Padding Oracle Vulnerability漏洞,泄露某员工账号,可登录包括邮箱、采购等系统,可作为跳板,严重威胁内网 详细说明: 通过burp抓包可越权访问http://i.yonyou.com,造成信息泄露 利用获取的邮箱,进行找回密码操作,在找回密码第二部页面,存在Padding Oracle Vulnerability漏洞,可以获取敏感信息 利用获取到的敏感信息登录邮箱,mail.yonyou.com也能登录 采购系统 其他系统 img s...
POODLE vulnerability in SSL 3.0
Overview Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when Cypher-block chaining CBC mode is used. This is commonly referred to as the "POODLE" Padding Oracle On Downgraded Legacy Encryption attack. Description CWE-327: U...
Padding Oracle Vulnerability in RSA Encryption
See https://framework.zend.com/security/advisory/ZF2015-10 it's essentially the same vulnerability...