Lucene search
+L

1112 matches found

NVD
NVD
added 2013/11/18 2:55 a.m.18 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6CVSS5.9AI score0.02813EPSS
Exploits1References10
OSV
OSV
added 2013/11/18 2:55 a.m.3 views

DEBIAN-CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6CVSS6.5AI score0.02813EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2013/11/17 12:0 a.m.29 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6CVSS5.9AI score0.02813EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2013/11/15 6:16 p.m.26 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6CVSS5.9AI score0.02813EPSS
Exploits1
CVE
CVE
added 2013/11/15 6:16 p.m.216 views

CVE-2013-2061

OpenVPN 2.3.0 and earlier is affected in UDP mode due to two issues in crypto.c: (1) openvpn_decrypt uses an HMAC comparison that does not run in constant time, enabling timing-based information disclosure, and (2) a padding oracle risk in the CBC mode cipher. Exploitation could allow an unauthen...

2.6CVSS5.8AI score0.02813EPSS
Exploits1References10Affected Software2
Cvelist
Cvelist
added 2013/11/15 6:16 p.m.27 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

5.7AI score0.02813EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2013/11/13 12:0 a.m.122 views

ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the tzfileread function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone TZ file, to cause a denial of service or the execution of...

9.3CVSS9.1AI score0.17687EPSS
Exploits13References28
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.6 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.91 views

OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...

2.6CVSS9AI score0.02426EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/10/01 12:0 a.m.41 views

Amazon Linux AMI : nspr (ALAS-2013-216)

It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding...

5CVSS7.1AI score0.05213EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/10/01 12:0 a.m.229 views

Amazon Linux AMI : nss (ALAS-2013-217)

It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding...

5CVSS7.1AI score0.05213EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.46 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486 , CVE-2013-1484 An improper permission check issue was discovered in the...

10CVSS6.7AI score0.35584EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.23 views

Amazon Linux AMI : openvpn (ALAS-2013-201)

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...

2.6CVSS5.3AI score0.02813EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/08/08 12:0 a.m.31 views

CentOS Update for nspr CESA-2013:1135 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.4AI score0.05213EPSS
Exploits0References2
Amazon
Amazon
added 2013/08/07 12:0 a.m.61 views

Medium: nspr

Issue Overview: It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS serve...

5CVSS7.6AI score0.05213EPSS
Exploits0References1
Amazon
Amazon
added 2013/08/07 12:0 a.m.61 views

Medium: nss

Issue Overview: It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS serve...

5CVSS7.6AI score0.05213EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/08/05 3:46 p.m.60 views

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

Updated nss and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

5CVSS6.7AI score0.05213EPSS
Exploits0References6
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.128 views

[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM...

4.3CVSS5.7AI score0.00748EPSS
Exploits0
NVD
NVD
added 2013/06/21 7:55 p.m.30 views

CVE-2013-0523

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...

4.3CVSS6.1AI score0.00748EPSS
Exploits0References5
Prion
Prion
added 2013/06/21 7:55 p.m.18 views

Design/Logic Flaw

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...

4.3CVSS6.5AI score0.00748EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder