1112 matches found
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
DEBIAN-CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
CVE-2013-2061
OpenVPN 2.3.0 and earlier is affected in UDP mode due to two issues in crypto.c: (1) openvpn_decrypt uses an HMAC comparison that does not run in constant time, enabling timing-based information disclosure, and (2) a padding oracle risk in the CBC mode cipher. Exploitation could allow an unauthen...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the tzfileread function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone TZ file, to cause a denial of service or the execution of...
SSL/TLS: CBC padding timing attack (lucky-13)
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...
OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption
OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...
Amazon Linux AMI : nspr (ALAS-2013-216)
It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding...
Amazon Linux AMI : nss (ALAS-2013-217)
It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486 , CVE-2013-1484 An improper permission check issue was discovered in the...
Amazon Linux AMI : openvpn (ALAS-2013-201)
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...
CentOS Update for nspr CESA-2013:1135 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: nspr
Issue Overview: It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS serve...
Medium: nss
Issue Overview: It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS serve...
Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
Updated nss and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM...
CVE-2013-0523
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...
Design/Logic Flaw
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...