EUVD-2016-7256

Malware in sbrugna...

EUVD-2023-12373

Malicious code in bioql PyPI...

CVE-2023-0296

The Birthday attack against 64-bit block ciphers flaw CVE-2016-2183 was reported for the health checks port 9979 on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port...

Design/Logic Flaw

The Birthday attack against 64-bit block ciphers flaw CVE-2016-2183 was reported for the health checks port 9979 on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port...

CVE-2023-0296

The Birthday attack against 64-bit block ciphers CVE-2016-2183 was reported for the health checks port 9979 on the etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port...

Security Bulletin: IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks (CVE-2016-2183 CVE-2016-6329).

Summary IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks on 64-bit block ciphers in TLS and OpenVPN openssl ,redhat,openVPN Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in t...

Security Bulletin:TLS Protocol 64-bit Cipher Vulnerability in Multiple N series Products (CVE-2016-2183)

Summary Multiple N series products utilize the TLS protocol. Any system using the TLS protocol with 64-bit block ciphers that are used in long running connections are vulnerable to a birthday attack referred to as SWEET32. When exploited, the vulnerability may lead to the unauthorized disclosure ...

Security Bulletin: Vulnerabilities in 64-bit block ciphers affects IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329)

Summary The Sweet32 Birthday attack for SSL/TLS connections affects IBM License Metric Tool v7.5 and IBM Tivoli Asset Discovery for Distributed v7.5 Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in...

Sweet32 Attack

OpenVPN is vulnerable to Sweet32 Attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for OpenVMS (CVE-2016-2183)

Summary OpenSSL is used by IBM Sterling Connect:Direct for OpenVMS. IBM Sterling Connect:Direct for OpenVMS has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 security update

Red Hat OpenShift Container Platform release 3.11.170 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Security Bulletin: GSKit Sweet32 Birthday attacks on 64-bit block ciphers in TLS affects the Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-2183)

Summary GSKit is vulnerable to Sweet32 Birthday attacks on 64-bit block ciphers in TLS which affects the Tivoli Storage Manager IBM Spectrum Protect Server. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: An error in the DES/3DES cipher, used as a part of the SSL/TLS protocol, could allow...

Security Bulletin: IBM Security Guardium is affected by Sweet32: Birthday attacks on 64-bit block ciphers in TLS (CVE-2016-2183)

Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block cipher, used as a part of the SSL/TLS protocol. This vulnerability is known as the SWEET32 Birthday attack. IBM Security Guardium has fixed this vulnerability...

Arista Networks EOS Multiple Vulnerabilities (SA0024) (SWEET32)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - An information disclosure vulnerability exists in the dsasignsetup function in dsaossl.c due to a failure to properly ensure the use of constant-time...

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you use Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...

RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4.18 (RHSA-2017:3240)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3240 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release...

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3113 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implement...

Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerabilities (USN-3339-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3339-1 advisory. Karthikeyan Bhargavan and Gatan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could...

USN-3339-1: OpenVPN vulnerabilities

Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warni...