2927 matches found
CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw to extract plaintext or in some cases...
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
CVE-2018-16869
CVE-2018-16869 is a Bleichenbacher-type side-channel padding oracle vulnerability in the nettle cryptographic library, caused by how nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. Exploitation could allow an attacker on the same physical core to extract plaintext or, in some ...
CVE-2018-16868
CVE-2018-16868 concerns a Bleichenbacher-type side-channel padding oracle in GnuTLS during PKCS#1 v1.5 RSA verification. The provided documents indicate this affects GnuTLS across Linux distributions (e.g., Red Hat). The attack requires local access on the same physical core as the victim process...
PT-2018-2490 · Gnu +4 · Nettle +4
Name of the Vulnerable Software and Affected Versions: Nettle, affected versions not specified. Description: The issue is related to a Bleichenbacher type side-channel based padding oracle attack in the way Nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. This could allow an...
CVE-2018-17156
In FreeBSD before 11.2-STABLEr340268 and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl...
openstack-cinder: Data retained after deletion of a ScaleIO volume
An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...
U.S. Dept Of Defense: Padding Oracle ms10-070 in a DoD website (https://██████/)
Hi there, I found a Padding Oracle ms10-070 in the following website: https://█████████/ In the following steps I will demonstrate how to reproduce the vulnerability. POC: 1º Go to the following URL: https://████/ you will see in the source code of the page something like "WebResource.axd?d="...
Primetek Primefaces Weak Encryption Remote Code Execution (CVE-2017-1000486)
Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password...
Security Bulletin: IBM RackSwitch firmware products are affected by information disclosure vulnerability (CVE-2014-8730)
Summary: IBM RackSwitch firmware products listed below have addressed the following TLS padding information disclosure vulnerability. Vulnerability Details: CVEID: CVE-2014-8730. DESCRIPTION: Multiple F5 products could allow a remote attacker to obtain sensitive information, caused by the failure to...
GHSA-9GP4-QRFF-C648 Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack
In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability
Summary: An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...
Security Bulletin: TLS padding vulnerability affects IBM Rational ClearQuest (CVE-2014-8730)
Summary: A Transport Layer Security (TLS) padding vulnerability, exploitable via a POODLE-like (Padding Oracle On Downgraded Legacy Encryption) attack, affects IBM Rational ClearQuest. Vulnerability Details: CVE-ID: CVE-2014-8730. Description: IBM Rational ClearQuest could allow a remote attacker to obtain sensitive...
Citrix StorageZones Controller Improper Access Restrictions / Traversal Exploit
Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities. title: Multiple Vulnerabilities; product: Citrix StorageZones Controller...