Lucene search
K

226 matches found

Prion
Prion
added 2020/09/09 2:15 p.m.32 views

Design/Logic Flaw

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

4.3CVSS5AI score0.04803EPSS
Exploits0References10Affected Software15
OpenVAS
OpenVAS
added 2020/06/16 12:0 a.m.38 views

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1637)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.6AI score0.85784EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/12 8:34 p.m.51 views

Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000)

Summary A port used by VADP is reported to be vulnerable to Logjam CVE-2015-4000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An...

4.3CVSS1AI score0.9986EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2020/04/10 12:56 a.m.54 views

Insecure TLS Configuration

openssl uses an insecure TLS configuration. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the...

4.3CVSS3.2AI score0.09497EPSS
Exploits0References52Affected Software1
Veracode
Veracode
added 2020/04/10 12:56 a.m.24 views

Insecure TLS Configuration

openssl uses an insecure TLS configuration. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the...

4.3CVSS3.4AI score0.03426EPSS
Exploits0References12Affected Software1
RedhatCVE
RedhatCVE
added 2020/03/15 1:36 p.m.29 views

CVE-2017-3733

It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client...

5CVSS3.3AI score0.12874EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/02/06 12:0 a.m.43 views

Ubuntu: Security Advisory (USN-4267-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.04884EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2018-1214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.49268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/06/27 12:0 a.m.22 views

EulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2019-1643)

According to the versions of the compat-openssl10 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the clien...

7.8CVSS6.5AI score0.49268EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.36 views

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

7.5CVSS6.2AI score0.49268EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2019/03/13 12:0 a.m.318 views

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

10CVSS0.5AI score0.99999EPSS
Exploits181
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:55 a.m.48 views

Security Bulletin: Vulnerabilities in OpenSSL affect Integrated Management Module II (IMM2) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by Integrated Management Module II IMM2. IMM2 has addressed the applicable CVEs...

5CVSS0.4AI score0.98685EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:55 a.m.41 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware. IBM Flex System FC3171...

5CVSS0.4AI score0.98685EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:45 a.m.46 views

Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module IMM. IMM hasaddressed the applicable CVEs...

5CVSS0.4AI score0.98685EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.40 views

SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:2956-1)

This update for openssl-11 to 1.1.0i fixes the following issues : These security issues were fixed : CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an...

7.5CVSS6.1AI score0.49268EPSS
Exploits0References5
Amazon
Amazon
added 2018/11/07 12:0 a.m.73 views

Medium: openssl

Issue Overview: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client ha...

7.5CVSS6.4AI score0.49268EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.32 views

F5 Networks BIG-IP : OpenSSL vulnerability (K21665601)

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.5CVSS6.4AI score0.49268EPSS
Exploits0References2
Amazon
Amazon
added 2018/10/30 12:0 a.m.630 views

Medium: openssl

Issue Overview: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client ha...

7.5CVSS7AI score0.49268EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.29 views

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2018-1306)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client...

7.8CVSS6.5AI score0.49268EPSS
Exploits0References3
Mageia
Mageia
added 2018/09/02 7:7 p.m.46 views

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

7.5CVSS2.4AI score0.49268EPSS
Exploits0References5
Rows per page
Query Builder