14 matches found
EUVD-2016-1558
Malware in sbrugna...
CVE-2022-27221
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown strin...
UBUNTU-CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
Microsoft Office Information Disclosure Vulnerability (CNVD-2018-00739)
Microsoft Office is an office software suite of products developed by the American Microsoft Corporation Microsoft. An information disclosure vulnerability exists in Microsoft Office that originates from the program failing to properly enforce copy/paste permissions on DRM-protected emails. An...
MGASA-2017-0166 Updated gajim packages fix security vulnerability
Gajim unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, which may be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions CVE-2016-10376...
DEBIAN-CVE-2016-10376
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions...
CVE-2016-10376
Gajim (XMPP client) up to version 0.16.7 unconditionally implements XEP-0146: Remote Controlling Clients, allowing a malicious XMPP server to trigger actions and potentially leak plaintext from OTR sessions. Public advisories (Debian, Gentoo, Fedora) note this behavior and provide patches/mitigat...
CVE-2016-10376
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions...
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
Hi, I get in touch to report that cloud.newrelic.com is vulnerable to CVE-2014-3566 POODLE. Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM Man-in-the-middle attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network...
Gratipay: The POODLE attack (SSLv3 supported) for https://grtp.co/
Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM Man-in-the-middle attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie dat...
CVE-2007-4613
CVE-2007-4613 affects BEA WebLogic Server SSL libraries (versions 6.1 Gold–SP7, 7.0 Gold–SP7, 8.1 Gold–SP5). Vulnerability: an attacker in a MITM can obtain plaintext from an SSL stream by injecting crafted data and measuring timing of error responses. This is a separate issue from CVE-2006-2461....
OpenSSL 0.9.x - CBC Error Information Leakage
OpenSSL 0.9.x - CBC Error Information Leakage source: https://www.securityfocus.com/bid/6884/info A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leake...
qnx crypt comprimised
the crypt function for qnx turned out to a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...