Lucene search
K

168 matches found

Cvelist
Cvelist
added 2018/08/21 1:0 p.m.30 views

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

6.2AI score0.01045EPSS
Exploits0References1
Huawei
Huawei
added 2018/08/13 12:0 a.m.31 views

Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products

There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability c...

7.8CVSS6.9AI score0.01082EPSS
Exploits0Affected Software4
CVE
CVE
added 2018/04/18 2:0 p.m.51 views

CVE-2016-10469

CVE-2016-10469: In Android (pre-2018-04-05 SPL) on Qualcomm Snapdragon platforms, RSA padding functions in CORE were incorrectly implemented, enabling information exposure. Affected: Android devices with Qualcomm Snapdragon Automotive/mobile/wear SoCs listed; impact described as High for confiden...

7.5CVSS7.8AI score0.00887EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/18 2:0 p.m.24 views

CVE-2016-10469

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820,...

8AI score0.00887EPSS
Exploits0References2
Prion
Prion
added 2018/03/05 6:29 p.m.21 views

Code injection

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

7.1CVSS6.2AI score0.14823EPSS
Exploits0References5Affected Software14
CVE
CVE
added 2018/03/05 6:0 p.m.126 views

CVE-2017-17428

CVE-2017-17428 is a Bleichenbacher-style RSA padding oracle (ROBOT) vulnerability that can allow an attacker to decrypt TLS data by exploiting RSA PKCS#1. Cisco advisories and CERT CERT/SEC records indicate multiple Cisco products (and other vendors’ TLS stacks) were affected and issued updates. ...

7.1CVSS6.3AI score0.14823EPSS
Exploits0References5Affected Software5
Prion
Prion
added 2018/02/26 3:29 p.m.11 views

Code injection

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

4.3CVSS5.8AI score0.01045EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/02/26 3:0 p.m.22 views

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

5.7AI score0.01045EPSS
Exploits0References1
Prion
Prion
added 2018/01/10 6:29 p.m.18 views

Code injection

Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

4.3CVSS5.7AI score0.02408EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/12/15 12:0 a.m.4 views

Ericsson Erlang otp TLS server information disclosure vulnerability

Ericsson Erlang otp TLS server is a TLS Secure Transport Protocol server written in the Erlang language, developed and maintained by Ericsson, Sweden. A security vulnerability exists in the Ericsson Erlang otp TLS server, which originates from the program responding to different alerts for...

5.9CVSS6.8AI score0.22098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/12/13 4:29 p.m.3 views

CVE-2017-17382

Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a...

5.9CVSS5.7AI score0.13817EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2017/05/16 12:0 a.m.81 views

F5 Networks BIG-IP : OpenSSL vulnerability (K23196136) (DROWN)

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS8.1AI score0.82112EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2017/01/05 12:0 a.m.370 views

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)

According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3getkeyexchange function in file s3clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the...

10CVSS8.8AI score0.95707EPSS
Exploits11References36
Tenable Nessus
Tenable Nessus
added 2016/11/10 12:0 a.m.285 views

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

10CVSS8.9AI score0.82112EPSS
Exploits3References15
CNVD
CNVD
added 2016/09/05 12:0 a.m.4 views

Jose-php Information Disclosure Vulnerability

jose-php is suitable for PHP JSON object signature and encryption library . A security vulnerability exists in versions of jose-php before 2.2.1, due to the lack of a random padding mechanism in the implementation of the RSA 1.5 algorithm in the JWE.php/JOSEJWE class. A remote attacker can obtain...

5.3CVSS7AI score0.01744EPSS
Exploits0References1
CVE
CVE
added 2016/03/02 12:0 a.m.185 views

CVE-2016-0703

CVE-2016-0703 concerns OpenSSL SSLv2: the get_client_master_key function in s2_srvr.c accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH for arbitrary ciphers, enabling Bleichenbacher-style padding oracle exploitation to recover the MASTER-KEY and decrypt TLS traffic. Public sources attribute t...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References31Affected Software1
Cloud Foundry
Cloud Foundry
added 2016/03/02 12:0 a.m.72 views

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities | Cloud Foundry

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities High Vendor OpenSSL Versions Affected SSLv2 Description The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possess...

5.9CVSS6.1AI score0.82112EPSS
Exploits2
seebug.org
seebug.org
added 2016/03/02 12:0 a.m.328 views

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

现在流行的服务器和客户端使用TLS加密, 然而由于错误配置, 许多服务器仍然支持SSLv2, 这是一种古老的协议, 许多客户端已经不支持 SSLv2。 DROWN攻击可以威胁到还在支持 SSLv2 的服务端和客户端,允许攻击者通过发送 probe 到支持 SSLv2 的使用相同密钥的服务端和客户端解密 TLS 通信。 官方关于漏洞的公告: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and...

4.3CVSS7.3AI score0.82112EPSS
Exploits2
OpenSSL
OpenSSL
added 2016/03/01 12:0 a.m.81 views

Vulnerability in OpenSSL - Cross-protocol attack on TLS using SSLv2 (DROWN)

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...

6.6AI score0.82112EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2016/03/01 12:0 a.m.38 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

6.2AI score0.82112EPSS
Exploits2References63
Rows per page
Query Builder