CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2018/02/22 12:29 a.m.•0 views

CVE-2018-0124

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker...

9.8CVSS6.2AI score0.05819EPSS

Exploits0References4

OSV•added 2018/02/22 12:29 a.m.•1 views

CVE-2018-0124

9.8CVSS6.1AI score0.05819EPSS

Prion•added 2018/02/22 12:29 a.m.•14 views

Code injection

7.5CVSS9.7AI score0.05819EPSS

Exploits0References3Affected Software1

NVD•added 2018/02/22 12:29 a.m.•25 views

CVE-2018-0124

9.8CVSS9.8AI score0.05819EPSS

Cvelist•added 2018/02/22 12:0 a.m.•23 views

CVE-2018-0124

9.8AI score0.05819EPSS

Vulnrichment•added 2018/02/22 12:0 a.m.•8 views

CVE-2018-0124

7.8AI score0.05819EPSS

Cisco•added 2018/02/21 4:0 p.m.•67 views

Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability

9.8CVSS2.5AI score0.05819EPSS

OSV•added 2018/02/01 11:38 a.m.•5 views

SUSE-SU-2018:0338-1 Security update for libXdmcp

This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046...

6.5CVSS6.7AI score0.001EPSS

Exploits3References3

Intel•added 2018/01/16 12:0 a.m.•56 views

Intel® NUC Kit with Infineon Trusted Platform Module

Summary: Certain Intel® NUC systems contain an Infineon Trusted Platform Module TPM that has an information disclosure vulnerability as described in CVE-2017-15361. Description: Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration...

5.9CVSS5.6AI score0.73437EPSS

Hacker One•added 2018/01/11 8:55 p.m.•33 views

Ruby: Integer Underflow @ ossl_cipher_pkcs5_keyivgen

Integer Underflow @ osslcipherpkcs5keyivgen file : ext/openssl/osslcipher.c affected parameter: iterations INFO Generates and sets the key/IV based on a password. call-seq: cipher.pkcs5keyivgenpass, salt = nil, iterations = 2048, digest = "MD5" - nil ANALYSIS iterint in osslcipherpkcs5keyivgen...

6.8AI score

Broadcom•added 2017/11/17 12:0 a.m.•6 views

BSA-2017-474

Security Advisory ID : BSA-2017-474 Component : Infineon RSA Library Revision : 2.0: Final The Infineon RSA library version 1.02.013 in Infineon Trusted Platform Module TPM firmware mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection...

5.9CVSS6.7AI score0.73437EPSS

OSV•added 2017/10/30 7:23 p.m.•4 views

MGASA-2017-0395 Updated opensc_etc packages fix security vulnerability

A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...

5.9CVSS6.1AI score0.73437EPSS

CNVD•added 2017/10/19 12:0 a.m.•3 views

Juniper SRX300 Series Trusted Platform Module Firmware Information Disclosure Vulnerability

The Juniper SRX300 Series is a firewall product from Juniper Networks, Inc.The Trusted Platform Module TPM is one of the test platform modules. A security vulnerability exists in the TPM firmware version 4.40 in the Juniper SRX300 Series in the process of generating encryption keys. An attacker...

4.4CVSS4.9AI score0.00053EPSS

CNVD•added 2017/10/18 12:0 a.m.•3 views

Infineon RSA Library Cryptographic Security Bypass Vulnerability

The Infineon Trusted Platform Module TPM is a data encryption chip from Infineon Technologies, Germany.The Infineon RSA library is one of the encryption libraries. A security vulnerability exists in the Infineon RSA library version 1.02.013 of the Infineon TPM, which does not properly handle RSA...

5.9CVSS6.8AI score0.73437EPSS

The Hacker News•added 2017/10/16 9:53 p.m.•46 views

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library...

4.3CVSS6.4AI score0.73437EPSS