2926 matches found

RedHat Linux
added 2016/11/03 8:6 a.m., 3 views

kernel: Information leak in events in timer.c

A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user withou...

CVSS 5.5, AI score 7.1, EPSS 0.01213
Exploits: 5, References: 4

Tenable Nessus
added 2016/10/20 12:0 a.m., 56 views

Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate function within file...

CVSS 8.2, AI score 7.7, EPSS 0.89058
Exploits: 6, References: 26

RedHat Linux
added 2016/10/18 7:8 a.m., 65 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 10, AI score 7.6, EPSS 0.89058
Exploits: 7, References: 8

RedHat Linux
added 2016/10/18 7:8 a.m., 6 views

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

CVSS 5.9, AI score 6.9, EPSS 0.89058
Exploits: 6, References: 5

OpenVAS
added 2016/09/30 12:0 a.m., 25 views

F5 BIG-IP - TMM SSL/TLS virtual server vulnerability CVE-2016-6907

TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a...

AI score 5.1
Exploits: 0, References: 1

Tenable Nessus
added 2016/09/28 12:0 a.m., 51 views

F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)

TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.' (CVE-2016-6907) The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms: The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...

AI score 5.4
Exploits: 0, References: 2

OSV
added 2016/09/17 12:0 a.m., 44 views

DLA-626-1 phpmyadmin - security update

Bulletin has no description...

CVSS 9.8, AI score 6.4, EPSS 0.04767
Exploits: 0

OSV
added 2016/09/08 4:59 p.m., 3 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

CVSS 3.7, AI score 5.7
Exploits: 0, References: 4

NVD
added 2016/09/08 4:59 p.m., 15 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

CVSS 4.3, AI score 4, EPSS 0.01647
Exploits: 0, References: 4

Prion
added 2016/09/08 4:59 p.m., 14 views

Design/Logic Flaw

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

CVSS 4.3, AI score 6.7, EPSS 0.01647
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2016/09/08 4:0 p.m., 11 views

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

AI score 3.9, EPSS 0.01647
Exploits: 0, References: 4

CNVD
added 2016/09/05 12:0 a.m., 0 views

Jose-php Information Disclosure Vulnerability

jose-php is a PHP library for JSON object signing and encryption. A security vulnerability exists in versions of jose-php before 2.2.1, due to the lack of a random padding mechanism in the implementation of the RSA 1.5 algorithm in the JWE.php/JOSEJWE class. A remote attacker can obtain...

CVSS 5.3, AI score 7, EPSS 0.01744
Exploits: 0, References: 1

CNVD
added 2016/09/01 12:0 a.m., 2 views

HP Integrated Lights-Out Information Disclosure Vulnerability (CNVD-2016-07089)

HP Integrated Lights-Out is used for remote management of servers. An information disclosure vulnerability exists in HP Integrated Lights-Out. A remote attacker could exploit this vulnerability to cause information disclosure via TLS CBC Padding and MAC errors...

CVSS 4.3, AI score 6.4, EPSS 0.01647
Exploits: 0, References: 1

Mageia
added 2016/08/31 3:32 p.m., 38 views

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector (IV) is used to hash the username and...

CVSS 10, AI score 0.6, EPSS 0.04767
Exploits: 0, References: 28

CNVD
added 2016/08/31 12:0 a.m., 2 views

OpenSSH CBC Padding Weak Password Vulnerability

OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A weak password vulnerability exists in OpenSSH CBC Padding, which allows an attacker to bypass security restrictions and obtain sensitive information...

AI score 7
Exploits: 0, References: 1

Tenable Nessus
added 2016/08/30 12:0 a.m., 13 views

phpMyAdmin 4.0.10.x < 4.0.10.17 / 4.4.15.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities

Binary data 9538.prm...

CVSS 10, AI score 7.3, EPSS 0.04767
Exploits: 0, References: 56

Tenable Nessus
added 2016/08/29 12:0 a.m., 1641 views

OpenSSH < 7.3 Multiple Vulnerabilities

According to its banner, the version of OpenSSH running on the remote host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities: - A local privilege escalation when the UseLogin feature is enabled and PAM is configured to read .pam_environment files from home directories...

CVSS 7.8, AI score 6.9, EPSS 0.88944
Exploits: 17, References: 5

Tenable Nessus
added 2016/08/12 12:0 a.m., 33 views

OpenSSH 7.x < 7.3 Multiple Vulnerabilities

Binary data 9507.prm...

CVSS 7.8, AI score 7.3, EPSS 0.88944
Exploits: 17, References: 4

Tenable Nessus
added 2016/07/25 12:0 a.m., 60 views

Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)

The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities: - An integer overflow condition exists in the X Server...

CVSS 10, AI score 8.3, EPSS 0.89058
Exploits: 6, References: 10

Tenable Nessus
added 2016/07/20 12:0 a.m., 52 views

Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)

The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL component: - A heap buffer overflow condition exists in the EVP_EncodeUpdate function within file crypto/evp/encode.c that ...

CVSS 8.2, AI score 7.2, EPSS 0.89058
Exploits: 6, References: 8