Lucene search
K

4231 matches found

Tenable Nessus
Tenable Nessus
added 2017/12/14 12:0 a.m.38 views

openSUSE Security Update : openssh (openSUSE-2017-1351)

This update for openssh fixes the following issues : Security issue fixed : - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server bsc1065000. Bug fixes : - FIPS: Startup selfchecks bsc1068310. - FIPS: Silent complaints about unsupported key exchange methods bsc1006166...

6.9CVSS6.3AI score0.03359EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2017/12/08 12:0 a.m.51 views

SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:3230-1)

This update for openssh fixes the following issues: Security issue fixed : - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server bsc1065000. Bug fixes : - FIPS: Startup selfchecks bsc1068310. - FIPS: Silent complaints about unsupported key exchange methods bsc1006166....

6.9CVSS6.4AI score0.03359EPSS
Exploits1References10
OSV
OSV
added 2017/12/07 12:22 p.m.8 views

SUSE-SU-2017:3230-1 Security update for openssh

This update for openssh fixes the following issues: Security issue fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server bsc1065000. Bug fixes: - FIPS: Startup selfchecks bsc1068310. - FIPS: Silent complaints about unsupported key exchange methods bsc1006166. -...

6.9CVSS6.4AI score0.03359EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2017/10/24 12:44 p.m.15 views

DUHK Attack Exposes Gaps in FIPS Certification

Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack Don’t Use Hardcoded Keys, isn’t likely to be part of many threat models. Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementatio...

7.1AI score
Exploits0References5
The Hacker News
The Hacker News
added 2017/10/24 6:58 a.m.26 views

DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi...

6.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/10/12 7:53 a.m.88 views

Important: Red Hat Security Advisory: rh-mysql57-mysql security and bug fix update

An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7AI score0.89924EPSS
Exploits9References63
Tenable Nessus
Tenable Nessus
added 2017/08/09 12:0 a.m.80 views

Oracle Linux 7 : openssh (ELSA-2017-2029)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2029 advisory. 7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless...

7.8CVSS6.6AI score0.88944EPSS
Exploits23References6
Oracle linux
Oracle linux
added 2017/08/07 12:0 a.m.133 views

openssh security, bug fix, and enhancement update

7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless syscalls for s390 crypto modules 1451809 7.4p1-8 + 0.10.3-1 - Fix multilib issue in documentation 1450361 7.4p1-6 + 0.10.3-1 - ControlPath too long...

7.8CVSS0.1AI score0.88944EPSS
Exploits23
OSV
OSV
added 2017/06/29 11:41 a.m.12 views

SUSE-SU-2017:1718-1 Security update for openvpn-openssl1

This update for openvpn-openssl1 fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on th...

7.5CVSS7.1AI score0.13892EPSS
Exploits2References12
n0where
n0where
added 2017/06/26 4:39 a.m.32 views

System Integrity Management Platform: SIMP

System Integrity Management Platform The System Integrity Management Platform SIMP is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding...

0.6AI score
Exploits0References1
Talos Blog
Talos Blog
added 2017/06/22 10:37 a.m.50 views

Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosOverviewMatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit SDK that is geared towards application in Internet of Things IOT devices and other embedded systems. It features low resource overhead a...

7.5CVSS0.8AI score0.02344EPSS
Exploits6
OSV
OSV
added 2017/06/19 12:57 p.m.8 views

SUSE-SU-2017:1608-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. bsc1042326 - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool...

5.9CVSS5.6AI score0.02318EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/04/07 12:0 a.m.33 views

SUSE SLED12 / SLES12 Security Update : dracut (SUSE-SU-2017:0951-1)

This update for dracut fixes the following issues: Security issues fixed : - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. bsc100834...

7.8CVSS6.5AI score0.00309EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2017/02/21 12:0 a.m.56 views

openSUSE Security Update : openssl (openSUSE-2017-256)

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed : - CVE-2016-7055: The x8664 optimized montgomery multiplication may produce incorrect results bsc1009528 - CVE-2017-3731: Truncated packet could crash via OO...

7.5CVSS7.6AI score0.57595EPSS
Exploits1References11
Packet Storm
Packet Storm
added 2017/02/14 12:0 a.m.79 views

Riverbed RiOS Insecure Cryptographic Storage

Riverbed RiOS insecure cryptographic storage CVE-2017-5670 Description Riverbed Steelhead hardware appliances are used to optimize and accelerate network traffic. There can be implemented as TLS endpoints, so they have a secure vault aimed to store private TLS certificates for servers. The secure...

0.0042EPSS
Exploits1
ThreatPost
ThreatPost
added 2016/12/22 12:33 p.m.12 views

NIST Calls for Submissions to Secure Data Against Quantum Computing

For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum...

7.2AI score
Exploits0References5
Fortinet
Fortinet
added 2016/11/22 12:0 a.m.28 views

DUHK Attack against Fortinet Products

When devices use ANSI X9.31 RNG which was removed from the list of FIPS-approved random number generation algorithms in January 2016 to generate cryptographic key under a static seed and under use with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...

4.3CVSS2.2AI score0.01423EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/30 12:0 a.m.30 views

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1028)

This update for MozillaFirefox, mozilla-nss fixes the following issues : Changes in MozillaFirefox : - Mozilla Firefox 48.0.1 : - Fixed an audio regression impacting some major websites bmo1295296 - Fix a top crash in the JavaScript engine bmo1290469 - Fix a startup crash issue caused by Websense...

9.8CVSS7.5AI score0.08767EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2016/08/11 1:9 a.m.31 views

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

7.5CVSS9.2AI score0.13335EPSS
Exploits6References5
OPENSUSE Linux
OPENSUSE Linux
added 2016/08/05 1:9 a.m.38 views

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

7.5CVSS9.2AI score0.13335EPSS
Exploits6References5
Rows per page
Query Builder