Lucene search
+L

250 matches found

CVE
CVE
added 2014/03/26 10:0 a.m.41 views

CVE-2014-0848

CVE-2014-0848 affects IBM Netezza Performance Portal 2.0 (before 2.0.0.4) where the Apache HTTP Server default config uses weak SSLCipherSuite values, enabling a remote attacker to potentially defeat cryptographic protections via brute-force. Vulnerable component: Apache web server in PERFPORTAL ...

3.5CVSS6.5AI score0.00852EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/03/26 10:0 a.m.22 views

CVE-2014-0848

The 1 ssl.conf and 2 httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

6.3AI score0.00852EPSS
Exploits1References2
Mageia
Mageia
added 2014/02/12 5:13 p.m.38 views

Updated tor package fixes security vulnerability

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to...

4CVSS3.6AI score0.01751EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/02/05 12:0 a.m.35 views

Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to...

10CVSS7.2AI score0.07072EPSS
Exploits9References16
Tenable Nessus
Tenable Nessus
added 2014/02/05 12:0 a.m.43 views

Thunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to System...

10CVSS8AI score0.07072EPSS
Exploits9References16
NVD
NVD
added 2014/01/17 9:55 p.m.17 views

CVE-2013-7295

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for 1 relay identity keys and 2 hidden-service identity keys, which might make it easier for remote attackers...

4CVSS7.4AI score0.01751EPSS
Exploits0References2
NVD
NVD
added 2014/01/15 4:13 p.m.16 views

CVE-2014-0491

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection...

10CVSS6.3AI score0.07117EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2013/12/13 6:7 p.m.26 views

CVE-2013-6394

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector IV, which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks...

2.1CVSS6.6AI score0.0038EPSS
Exploits0References1
Prion
Prion
added 2013/12/13 6:7 p.m.24 views

Code injection

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector IV, which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks...

2.1CVSS6.7AI score0.0038EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2013/12/10 3:0 p.m.20 views

CVE-2013-3710

SUSE Lifecycle Management Server SLMS before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

6.6AI score0.01303EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/11/29 12:0 a.m.46 views

Oracle Linux 5 / 6 : Unbreakable Enterprise Kernel (ELSA-2013-2584)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2584 advisory. - fs/compatioctl.c: VIDEOSETSPUPALETTE missing error check Kees Cook Orabug: 17842208 CVE-2013-1928 - Bluetooth: RFCOMM - Fix info leak via...

6.2CVSS6.7AI score0.03181EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2013/11/14 12:0 a.m.34 views

Amazon Linux AMI : gnupg (ALAS-2013-236)

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. The compressed packet parser in...

5.8CVSS7.8AI score0.0503EPSS
Exploits0References3
Prion
Prion
added 2013/10/24 3:48 a.m.27 views

Design/Logic Flaw

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...

4.3CVSS6.4AI score0.01086EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2013/10/11 10:55 p.m.22 views

CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

5.8CVSS6.2AI score0.01407EPSS
Exploits0References8
Prion
Prion
added 2013/10/11 10:55 p.m.26 views

Design/Logic Flaw

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

5.8CVSS6.6AI score0.01407EPSS
Exploits0References8Affected Software2
UbuntuCve
UbuntuCve
added 2013/10/11 10:55 p.m.25 views

CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

5.8CVSS7.2AI score0.01407EPSS
Exploits0References8
CVE
CVE
added 2013/10/11 10:0 p.m.78 views

CVE-2007-6755

CVE-2007-6755 is the Dual_EC_DRBG-related vulnerability referenced in the initial description. The connected documents provide a concrete technical detail: in a Debian vulnerability listing, CVE-2007-6755 is associated with libuuid1 (libuuid1-2.36.1-8+deb11u1.amd64

5.8CVSS9.1AI score0.01407EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2013/10/11 10:0 p.m.24 views

CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

6.2AI score0.01407EPSS
Exploits0References8
NVD
NVD
added 2013/10/10 10:55 a.m.16 views

CVE-2013-4345

Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...

5.8CVSS6.6AI score0.03181EPSS
Exploits0References18
Debian CVE
Debian CVE
added 2013/10/10 10:0 a.m.47 views

CVE-2013-4345

Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...

5.8CVSS6.7AI score0.03181EPSS
Exploits0
Rows per page
Query Builder