CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2927 matches found

Tenable Nessus•added 2019/01/30 12:0 a.m.•108 views

Citrix NetScaler Gateway TLS Padding Oracle Vulnerability (CTX240139)

The remote Citrix NetScaler device is affected by a TLS padding oracle vulnerability. An attacker may be able to leverage this vulnerability to decrypt TLS traffic. Please refer to advisory CTX240139 for more information. Note appliances with all CBC-based ciphers disabled are not affected by thi...

5.9CVSS6AI score0.02315EPSS

Exploits0References2

Citrix•added 2019/01/23 5:0 a.m.•35 views

CVE-2019-6485 - TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway

Description of Problem A vulnerability has been identified in the Citrix Application Delivery Controller ADC formally known as NetScaler ADC and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability...

5.9CVSS0.9AI score0.02315EPSS

Exploits0

Veracode•added 2019/01/15 9:17 a.m.•46 views

Padding Oracle Attack

httpd is vulnerable to padding oracle attack. It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a...

7.5CVSS7.3AI score0.49024EPSS

Exploits4References46Affected Software4

Veracode•added 2019/01/15 8:58 a.m.•28 views

Information Leakage

The GnuTLS library is susceptible to information leakage. When CBC-mode cipher is used, attacker can use a TLS/SSL server as a padding oracle to decrypt the encrypted packets...

4CVSS5.7AI score0.0644EPSS

Exploits1References16Affected Software1

Veracode•added 2019/01/15 8:52 a.m.•36 views

Timing Side- Channel Attack

OpenSSL is vulnerable to timing attacks. It happens because of lack of validation of MAC addresses in constant time during the processing of a malformed CBC padding. It is also known as "Lucky Thirteen" issue...

2.6CVSS6.4AI score0.35584EPSS

Exploits0References58Affected Software4

Tenable Nessus•added 2019/01/10 12:0 a.m.•40 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : NSS vulnerabilities (USN-3850-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3850-1 advisory. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perfo...

5.9CVSS6.3AI score0.44398EPSS

Exploits1References4

OpenVAS•added 2019/01/10 12:0 a.m.•26 views

Ubuntu: Security Advisory (USN-3850-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.3AI score0.44398EPSS

Exploits1References2

Ubuntu•added 2019/01/09 5:41 p.m.•265 views

USN-3850-1: NSS vulnerabilities

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remo...

5.9CVSS6.2AI score0.44398EPSS

Exploits1

OSV•added 2019/01/09 5:41 p.m.•2 views

USN-3850-1 nss vulnerabilities

5.9CVSS6.5AI score0.44398EPSS

Exploits1References4

Tenable Nessus•added 2019/01/09 12:0 a.m.•144 views

Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.25. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the modsessioncrypto module due to encryption for data and cookies using the configured ciphers with possibly either...

8.1CVSS7.9AI score0.7907EPSS

Exploits8References10

Veracode•added 2018/12/05 3:10 a.m.•14 views

Padding Oracle Attack

OpenSSL is vulnerable to padding oracle attacks. The library does not properly validate the RSA padding which allows microarchitectural and timing side channel attacks...

6.7AI score

Exploits0

UbuntuCve•added 2018/12/03 2:29 p.m.•26 views

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6CVSS6.2AI score0.00573EPSS

Exploits0References2

ATTACKERKB•added 2018/12/03 2:29 p.m.•3 views

CVE-2018-16868

5.6CVSS5.5AI score0.00573EPSS

Exploits0References7

ATTACKERKB•added 2018/12/03 2:29 p.m.•4 views

CVE-2018-16869

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...

5.7CVSS5.5AI score0.01495EPSS

Exploits0References5