Lucene search
+L

206 matches found

Huawei
Huawei
added 2018/11/14 12:0 a.m.42 views

Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...

7.4CVSS7.3AI score0.01108EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/08/28 12:0 a.m.40 views

FreeBSD : node.js -- multiple vulnerabilities (0904e81f-a89d-11e8-afbb-bc5ff4f77b71)

Node.js reports : OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in...

7.5CVSS6.6AI score0.49268EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/07/05 12:0 a.m.67 views

Oracle Linux 7 : python (ELSA-2018-2123)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2123 advisory. 2.7.5-69.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz158454...

7.5CVSS7AI score0.95707EPSS
Exploits7References2
Hacker One
Hacker One
added 2018/07/01 10:53 p.m.19 views

Slack: The POODLE attack (SSLv3 supported) at status.slack.com

@cryptographer found that for some regions, status.slack.com supported an outdated cipher suite, which we've since updated. Thanks @cryptographer! nmap -sV --version-light --script ssl-poodle -p 443 IP...

0.9AI score
Exploits0
OSV
OSV
added 2018/06/26 4:29 p.m.15 views

UBUNTU-CVE-2018-1000520

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtlssslgetverifyresult that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate ...

7.5CVSS7.1AI score0.00713EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:3 a.m.23 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational DOORS Web Access (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Rational DOORS Web Access. Vulnerability Details Rational DOORS Web Access is affected by the following vulnerability: CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote...

4.3CVSS0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:43 p.m.65 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah Attack" for SSL/TLS affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive informatio...

5CVSS1AI score0.73851EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.22 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Operational Decision Manager (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Operational Decision Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

4.3CVSS0.5AI score0.9986EPSS
Exploits1Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/14 12:7 p.m.102 views

Security update for bouncycastle (moderate)

This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...

4.3CVSS1.1AI score0.24282EPSS
Exploits0References11
Prion
Prion
added 2018/03/01 12:29 a.m.17 views

Command injection

comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products, after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which...

5CVSS5.2AI score0.00415EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/03/01 12:0 a.m.43 views

CVE-2018-6653

The CVE-2018-6653 issue affects Comforte SWAP versions 1049–1069 and 20.0.0–21.5.3 (used in SSLOBJ on HPE NonStop SSL T0910 and in Comforte SecurCS/SecurFTP/SecurLib/SSL-AT/SecurTN). After RELOAD CERTIFICATES, it fails to enforce a strong TLS cipher suite, enabling a remote attacker to sniff traf...

5.3CVSS5.2AI score0.00415EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/12/13 1:29 a.m.27 views

CVE-2017-13099

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...

7.5CVSS7.3AI score0.24922EPSS
Exploits0References6
OSV
OSV
added 2017/12/13 1:29 a.m.24 views

CVE-2017-13099

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...

5.9CVSS6.6AI score
Exploits0References6
CNVD
CNVD
added 2017/08/21 12:0 a.m.3 views

IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2017-24357)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. An information disclosure vulnerability exists in IBM WAS...

5.9CVSS5.6AI score0.02033EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/19 12:0 a.m.6 views

Google Android Qualcomm Component Unauthorized Operation Vulnerability (CNVD-2017-26831)

Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, and Qualcomm closed-source components are among the closed-source components developed by Qualcomm. A security vulnerability exists in the Qualcomm closed-source component in Android, whi...

10CVSS9.3AI score0.0052EPSS
Exploits0References1
OSV
OSV
added 2017/08/07 8:29 p.m.3 views

UBUNTU-CVE-2015-5244

The NSSCipherSuite option with ciphersuites enabled in modnss before 1.0.12 allows remote attackers to bypass application restrictions...

9.8CVSS7.3AI score0.02749EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.41 views

EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-b...

7.5CVSS7AI score0.57595EPSS
Exploits2References3
OSV
OSV
added 2017/03/03 4:59 p.m.7 views

CVE-2016-6882

MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...

5.9CVSS5.8AI score0.01302EPSS
Exploits0References5
CVE
CVE
added 2017/03/03 4:0 p.m.49 views

CVE-2016-6882

CVE-2016-6882 concerns MatrixSSL prior to 3.8.7. When DHE_RSA cipher suites are enabled, remote attackers may exploit a Lenstra side-channel to glean RSA private key information. The vulnerability is limited to affected builds of MatrixSSL and is primarily an information-leak risk to private RSA ...

5.9CVSS6.3AI score0.01302EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/02/21 12:0 a.m.40 views

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)

Security Fixes : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 - A denial of service flaw was found in th...

7.5CVSS6.9AI score0.57595EPSS
Exploits2References3
Rows per page
Query Builder