Lucene search
K

378 matches found

ThreatPost
ThreatPost
added 2012/09/11 6:44 p.m.14 views

Microsoft Ships Two Bulletins in September Security Update

The Microsoft security team shipped just two bulletins – resolving as many holes – in the September, 2012 edition of Patch Tuesday. The patches will supply fixes for two ‘important’ rated bugs, one in Microsoft Developer Tools and the other in Micrososft Server Software. If unpatched, both could...

1.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2012/09/06 7:41 p.m.10 views

Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes

Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2012/08/23 12:0 a.m.14 views

Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)

Microsoft Windows operating system is prone to digital certificate key length spoofing vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

5.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/07/13 12:0 a.m.35 views

MySQL Server 5.1 < 5.1.63 Multiple Vulnerabilities

Binary data 801134.prm...

5.1CVSS6.2AI score0.96188EPSS
Exploits10References7
ThreatPost
ThreatPost
added 2012/06/14 11:33 a.m.142 views

Microsoft Releases Automatic Updater for Certificate Revocation Lists, Plans to Invalidate Short RSA Keys

As part of its response to the Flame malware and its usage of a forged Microsoft certificate to sign malicious files, Microsoft has changed the way that Windows handles certificates, releasing an automatic updater function that will recognize and flag untrusted certificates. The new functionality...

9.3CVSS8.2AI score0.99945EPSS
Exploits33References4
Tenable Nessus
Tenable Nessus
added 2012/06/11 12:0 a.m.456 views

MySQL 5.1 < 5.1.63 Multiple Vulnerabilities

The version of MySQL 5.1 installed on the remote host is earlier than 5.1.63 and is, therefore, affected by multiple vulnerabilities : - Several errors exist related to 'GIS Extension' and 'Server Optimizer' components that can allow denial of service attacks. CVE-2012-0540, CVE-2012-1689,...

5.1CVSS8.6AI score0.96188EPSS
Exploits10References8
Tenable Nessus
Tenable Nessus
added 2012/06/11 12:0 a.m.890 views

MySQL 5.5 < 5.5.24 Security Bypass Vulnerability

The version of MySQL 5.5 installed on the remote host is earlier than 5.5.24 and is, therefore, affected by the following vulnerabilities : - Several errors exist related to 'GIS Extension', 'Server', 'InnoDB' and 'Server Optimizer' components that can allow denial of service attacks...

6.8CVSS8.5AI score0.96188EPSS
Exploits10References10
Cvelist
Cvelist
added 2012/05/11 1:0 a.m.22 views

CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site th...

8AI score0.01198EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/10/05 8:12 p.m.7 views

openswan: IKE invalid key length allows remote unauthenticated user to crash openswan

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service NULL pointer dereference and pluto IKE daemon crash via an ISAKMP message with an invalid KEYLENGTH attribute, which is not properly handled by the error handling function...

5CVSS5.9AI score0.02406EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2011/01/20 12:0 a.m.22 views

Icon Labs Iconfidant SSL Server Key Length Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Icon Labs Iconfidant SSL Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality responsible for key exchange. If the sum of specific...

10CVSS8.1AI score
Exploits0References1
OSV
OSV
added 2010/10/21 7:0 p.m.2 views

DEBIAN-CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

7.5CVSS8.3AI score0.02408EPSS
Exploits0References1
OSV
OSV
added 2010/10/21 7:0 p.m.7 views

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

6.1AI score
Exploits0References18
Cvelist
Cvelist
added 2010/10/21 6:12 p.m.40 views

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

9.1AI score0.02408EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2010/10/19 11:20 p.m.5 views

NSS: insecure Diffie-Hellman key exchange

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

7.5CVSS7.4AI score0.02408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/19 11:6 p.m.3 views

NSS: insecure Diffie-Hellman key exchange

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

7.5CVSS7.4AI score0.02408EPSS
Exploits0References4
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.34 views

Insecure Diffie-Hellman key exchange — Mozilla

Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode DHE with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providin...

7.5CVSS2.8AI score0.02408EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2009/06/19 7:30 p.m.2 views

CVE-2009-2137

Memory leak in the Ultra-SPARC T2 crypto provider device driver aka n2cp in Sun Solaris 10, and OpenSolaris snv54 through snv112, allows context-dependent attackers to cause a denial of service memory consumption via unspecified vectors related to a large keylen value...

7.8CVSS5.5AI score0.01816EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2009/05/08 12:0 a.m.35 views

openSUSE 10 Security Update : python-crypto (python-crypto-6063)

Missing checks for the key length in the ARC2 module potentially allowed attackers to crash applications using python-crypto or potentially even cause execute arbitrary code CVE-2009-0544. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

10CVSS5.9AI score0.11523EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.41 views

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : python-crypto vulnerability (USN-729-1)

Mike Wiacek discovered that the ARC2 implementation in Python Crypto did not correctly check the key length. If a user or automated system were tricked into processing a malicious ARC2 stream, a remote attacker could execute arbitrary code or crash the application using Python Crypto, leading to ...

10CVSS5.9AI score0.11523EPSS
Exploits2References2
Ubuntu
Ubuntu
added 2009/03/05 10:52 p.m.50 views

USN-729-1: Python Crypto vulnerability

Mike Wiacek discovered that the ARC2 implementation in Python Crypto did not correctly check the key length. If a user or automated system were tricked into processing a malicious ARC2 stream, a remote attacker could execute arbitrary code or crash the application using Python Crypto, leading to ...

10CVSS5.9AI score0.11523EPSS
Exploits2
Rows per page
Query Builder