Lucene search

226 matches found

Veracode
added 2024/05/15 8:58 a.m., 13 views

Improper TLS Ciphers Configuration

github.com/nats-io/nats-server/ is vulnerable to Improper TLS Ciphers Configuration. The vulnerability is due to the loss of restricted ciphersuite settings when using CLI options to set a key/cert for TLS, enabling all ciphersuites supported by Go by default...

AI score: 7, EPSS: 0.00348
Exploits: 0

OSV
added 2024/05/14 10:3 p.m., 23 views

GHSA-JJ54-5Q2M-Q7PJ NATS server TLS missing ciphersuite settings when CLI flags used

This advisory is canonically Problem Description The NATS server by default uses a restricted set of modern ciphersuites for TLS. This selection can be overridden through configuration. The defaults include just RSA and ECDSA with either AES/GCM with a SHA2 digest or ChaCha20/Poly1305. The...

AI score: 6.3, EPSS: 0.00348
Exploits: 0, References: 5

Github Security Blog
added 2024/05/14 10:3 p.m., 19 views

NATS server TLS missing ciphersuite settings when CLI flags used

This advisory is canonically Problem Description The NATS server by default uses a restricted set of modern ciphersuites for TLS. This selection can be overridden through configuration. The defaults include just RSA and ECDSA with either AES/GCM with a SHA2 digest or ChaCha20/Poly1305. The...

AI score: 6.8, EPSS: 0.00348
Exploits: 0, References: 5, Affected Software: 1

Veracode
added 2024/02/20 12:15 p.m., 29 views

Side Channel Attacks

libmbedtls.so is vulnerable to plain text recovery via side-channel attacks. The vulnerability is due to the ability of local users to achieve partial plaintext recovery for a CBC based ciphersuite via measuring the time it takes to perform certain cryptographic operations. An attacker can gather...

CVSS: 4.7, AI score: 6.3, EPSS: 0.00373
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2024/02/14 12:0 a.m., 4 views

The vulnerability of the program-defined telecommunication stack FreeSWITCH, related to incorrect handling of exceptional states, allows an intruder to trigger a service failure.

The vulnerability of the program-defined telecommunication stack FreeSWITCH is related to incorrect handling of exceptional states. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending a ClientHello DTLS message with an invalid CipherSuite; this triggers ...

CVSS: 7.8, AI score: 6.8, EPSS: 0.01485
Exploits: 4, References: 3, Affected Software: 1

Tenable Nessus
added 2023/03/02 12:0 a.m., 46 views

SUSE SLES12 Security Update : nrpe (SUSE-SU-2023:0586-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0586-1 advisory. - CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 bsc931600, bsc938906. Tenable has...

CVSS: 4.3, AI score: 6.2, EPSS: 0.9986
Exploits: 1, References: 5

F5 Networks
added 2023/02/21 7:0 p.m., 48 views

K55462146: OpenSSL vulnerability CVE-2017-3733

Security Advisory Description During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

CVSS: 7.5, AI score: 7.5, EPSS: 0.12874
Exploits: 0

F5 Networks
added 2023/02/21 6:47 p.m., 47 views

K09413574: OpenSSL vulnerability CVE-2022-1434

Security Advisory Description The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one...

CVSS: 5.9, AI score: 6.5, EPSS: 0.01026
Exploits: 0

F5 Networks
added 2023/02/21 6:32 p.m., 46 views

K15567: OpenSSL vulnerability CVE-2014-5139

Security Advisory Description The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required...

CVSS: 4.3, AI score: 7, EPSS: 0.19997
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2022/10/16 12:0 a.m., 42 views

GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...

CVSS: 10, AI score: 7.9, EPSS: 0.87816
Exploits: 8, References: 15

Broadcom
added 2022/09/13 12:0 a.m., 46 views

CVE-2018-0732. Client DoS due to large DH parameter.

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS: 7.5, AI score: 2.6, EPSS: 0.49268
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2022/07/08 12:0 a.m., 86 views

SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2022:2306-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2306-1 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script...

CVSS: 10, AI score: 7.6, EPSS: 0.95764
Exploits: 6, References: 20

OSV
added 2022/05/24 3:15 p.m., 1 views

UBUNTU-CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01563
Exploits: 0, References: 7

Prion
added 2022/05/24 3:15 p.m., 13 views

Buffer overflow

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

CVSS: 5, AI score: 7.6, EPSS: 0.01563
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2022/05/24 2:55 p.m., 3 views

CVE-2022-29242 Buffer Overflow on creating key transport blob in GOST Engine

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

CVSS: 5.9, AI score: 7.6, EPSS: 0.01563
Exploits: 0, References: 5

OSV
added 2022/05/24 2:55 p.m., 22 views

CVE-2022-29242 Buffer Overflow on creating key transport blob in GOST Engine

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

CVSS: 5.9, AI score: 7.6, EPSS: 0.01563
Exploits: 0, References: 7

Cvelist
added 2022/05/24 2:55 p.m., 27 views

CVE-2022-29242 Buffer Overflow on creating key transport blob in GOST Engine

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

CVSS: 5.9, AI score: 7.8, EPSS: 0.01563
Exploits: 0, References: 5

Debian CVE
added 2022/05/24 2:55 p.m., 35 views

CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

CVSS: 7.5, AI score: 7.6, EPSS: 0.01563
Exploits: 0

RedhatCVE
added 2022/05/18 10:42 p.m., 48 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS: 5.9, AI score: 3.6, EPSS: 0.01026
Exploits: 0, References: 3

OSV
added 2022/05/04 12:0 a.m., 26 views

GHSA-638M-M8MH-7GW2 Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS: 5.9, AI score: 7.2, EPSS: 0.01026
Exploits: 0, References: 7