CVE-2017-8087
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via unspecified vectors...
CVE-2017-8087
The affected device is AVM Fritz!Box 7490 running Fritz!OS 6.80 or 6.83. The issue is an information leakage in PPPoE packet padding that can allow physically proximate attackers to view slices of previously transmitted packets or portions of memory via unspecified vectors. The connected sources ...
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)
Summary: IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities: CVE-2019-1559. Vulnerability Details: CVE-ID: CVE-2019-1559. Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...
Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics
Summary: Open Source OpenSSL is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2018-0734. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA...
Insecure Cryptography Algorithm
Overview: Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation: Upgrade to version 2.3.0 or later. References: GitHub Issue; Padding...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signin...
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
Debian: Security Advisory (DSA-4540-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-4539-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-4539-1 : openssl - security update
Three security issues were discovered in OpenSSL: a timing attack against ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey(), and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in th...
[SECURITY] [DSA 4540-1] openssl1.0 security update
Debian Security Advisory DSA-4540-1 https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq ...
[SECURITY] [DSA 4539-1] openssl security update
Debian Security Advisory DSA-4539-1 https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq ...
CVE-2019-3730
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...
Design/Logic Flaw
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...
CVE-2019-3730
Dell RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are affected by an Information Exposure Through an Error Message vulnerability (padding oracle). A remote attacker could potentially exploit this to extract sensitive information, per CVE...
Debian DLA-1932-1 : openssl security update
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...
[SECURITY] [DLA 1932-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u12 CVE ID : CVE-2019-1547 CVE-2019-1563 Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths...
Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers
Router Exploit Shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits; it can adapt to the length of the data padding on the...