2928 matches found
Information Disclosure
OpenSSL is vulnerable to information disclosure. It is possible because a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key can be recovered using a Bleichenbacher padding oracle attack after an attacker is notified with status of...
NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176)
The remote NewStart CGSL host, running version MAIN 4.06, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
ALPINE-CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
DEBIAN-CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
UBUNTU-CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
CVE-2019-1563 describes a Bleichenbacher padding oracle vulnerability in OpenSSL. The issue allows an attacker, after sending a large number of ciphertexts for decryption, to recover the CMS/PKCS7 encryption key or decrypt RSA-encrypted data when the attacker can observe decryption success/failur...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
Vulnerability in OpenSSL - Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
openssl security update
CentOS Errata and Security Advisory CESA-2019:2304 An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
The vulnerability of the SymCrypt library in the Windows operating system, which allows a hacker to disclose protected information
The vulnerability of the SymCrypt library in the Windows operating system is related to errors in cryptographic transformations. Exploiting this vulnerability can allow an attacker to disclose protected information during the OAEP decryption process...
Scientific Linux Security Update : openssl on SL7.x x86_64 (20190806)
Security Fixes : - openssl: 0-byte record padding oracle CVE-2019-1559 - openssl: timing side channel attack in the DSA signature algorithm CVE-2018-0734 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128247;...
CVE-2019-5592
Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...
CVE-2019-5592
Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...
Design/Logic Flaw
Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...
CVE-2019-5592
Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...