CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

Code injection

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

CVE-2018-5762

Unisys ClearPath MCP TCP/IP networking module TLS implementation is vulnerable to a Bleichenbacher RSA padding oracle (ROBOT) leading to possible decryption of TLS ciphertext. Affected versions are TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044. The CNVD entr...

Windows Kernel 64-bit stack memory disclosure in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback)(CVE-2018-0810)

We have discovered that a user-mode callback invoked by the win32k!SfnINLPHELPINFOSTRUCT function via KeUserModeCallback leads to the disclosure of uninitialized stack memory to user-mode clients, due to compiler-introduced structure padding. The vulnerability affects Windows 7 64-bit; other...

Semrush: SSLv3 Poodle Attack on Ip Of semrush

Summary: POODLE SSLv3 bug on multiple servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka...

Ubuntu 14.04 LTS / 16.04 LTS : Erlang vulnerabilities (USN-3571-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3571-1 advisory. It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to...

Ubuntu: Security Advisory (USN-3571-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3571-1: Erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...

USN-3571-1 erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...

IBM WebSphere MQ GSKit Information Disclosure Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM Corporation. It provides a reliable and proven messaging backbone for Service Oriented Architecture SOA, for which GSKit Global Security Toolkit is a set of security management tools. An information disclosure vulnerability exists in GSK...

CVE-2018-1388

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding. IBM X-Force ID: 138212...

CVE-2018-1388

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding. IBM X-Force ID: 138212...

Information disclosure

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding. IBM X-Force ID: 138212...

CVE-2018-1388

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS1 padding. IBM X-Force ID: 138212...

CVE-2018-1388

CVE-2018-1388 is a GSKit V7 vulnerability that can disclose side-channel information through discrepancies in PKCS#1 padding. It has been addressed in multiple IBM advisories across products using GSKit, including IBM i, WebSphere-related offerings, IBM Tivoli Directory Server, IBM Security Direc...

macOS - sysctl_vfs_generic_conf Stack Leak Through Struct Padding

macOS - sysctlvfsgenericconf Stack Leak Through Struct Padding / The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg...

macOS - sysctl_vfs_generic_conf Stack Leak Through Struct Padding Exploit

Exploit for macOS platform in category dos / poc / The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg1; namelen =...

macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding

/ The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg1; namelen = arg2; check for namelen==1 mountlistlock; for vfsp...