Lucene search
+L

53 matches found

NVD
NVD
added 2022/11/23 5:15 p.m.29 views

CVE-2021-35246

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...

5.3CVSS0.00331EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/23 4:48 p.m.8 views

CVE-2021-35246 Unprotected Transport of Credentials (HSTS) Vulnerability

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...

5.3CVSS5.3AI score0.00331EPSS
Exploits0References3
Apple
Apple
added 2022/06/14 12:0 a.m.87 views

About the security content of Apple Music 3.9.10 for Android

About the security content of Apple Music 3.9.10 for Android This document describes the security content of Apple Music 3.9.10 for Android. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...

7.5CVSS6.4AI score0.00613EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/21 6:17 p.m.8 views

CVE-2021-31562 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm

The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an...

6.5CVSS9.2AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2021/04/29 6:15 p.m.30 views

CVE-2021-1402

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validati...

8.6CVSS0.01386EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/02/11 12:0 a.m.53 views

F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K09121542)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.0.0. It is, therefore, affected by a vulnerability as referenced in the K09121542 advisory. - On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation...

5.8CVSS6.3AI score0.00536EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/11/24 9:0 p.m.31 views

CVE-2020-29055

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

5.8AI score0.00658EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.42 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Connect:Direct Browser User Interface

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.7.0 that is used by Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in April 2015 and July 2015. This bulletin also addresses...

5.5CVSS0.5AI score0.9986EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.32 views

Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability (cisco-sa-ftd-tls-dos-4v5nmWtZ)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service DoS vulnerability in its SSL/TLS handler component due to a communication error between internal functions. An unauthenticated, remote attacker can exploit this issue, by sending a...

8.6CVSS7.9AI score0.01956EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2019/10/01 7:39 p.m.13 views

CVE-2019-0231

Handling of the closenotify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This...

7.5CVSS6.6AI score0.02201EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:59 p.m.45 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Workload Scheduler (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM embedded WebSphere Application Server that is used by Tivoli Workload Scheduler. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

4.3CVSS0.1AI score0.03239EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:4 a.m.34 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-4000, CVE-2015-0478, CVE-2015-1916).

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Service Tester. There are also multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.7 that is used by Rational Service Tester. These issues were disclosed as part of t...

5CVSS1AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:13 p.m.14 views

Security Bulletin: IBM Cognos Business Intelligence Sever 2015Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in April...

6.8CVSS1AI score0.73851EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.41 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System. (CVE-2015-2808, CVE-2015-0204, CVE-2015-1916, and CVE-2015-0138)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: “Factoring Attack on RSA-EXPORT keys"...

5CVSS1.2AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.27 views

Security Bulletin: Vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM SDK Java Technology Edition, Version 6 and IBM SDK Java Technology Edition, Version 7 that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. Vulnerability Details CVEID...

4.3CVSS1.3AI score0.03239EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2017/03/03 12:0 a.m.267 views

RedHat Update for openssl RHSA-2017:0286-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.2AI score0.57595EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.57 views

Oracle: Security Advisory (ELSA-2014-0625)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.99977EPSS
Exploits13References2
Tenable Nessus
Tenable Nessus
added 2015/07/23 12:0 a.m.68 views

Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)

According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection XXE flaw exists in the Apache ActiveMQ component due to a faulty...

9.8CVSS7.6AI score0.9986EPSS
Exploits3References20
myhack58
myhack58
added 2015/05/11 12:0 a.m.15 views

SSL/TLS is the latest vulnerability ordination ceremony parsing-vulnerability warning-the black bar safety net

2 0 1 5 year 3 month, there are about 3 0% of the network communication is controlled by the RC4 to be protected. By“ordination ceremony”attack, the attacker may be in a particular environment just by sniffing the visit listen you can restore using RC4 to protect the encrypted information in plai...

0.8AI score
Exploits0
Oracle linux
Oracle linux
added 2015/04/02 12:0 a.m.364 views

openssl-fips security update

1.0.1m-2.0.1 - update to upstream 1.0.1m - update to fips canister 2.0.9 - regenerated below patches openssl-1.0.1-beta2-rpmbuild.patch openssl-1.0.1m-rhcompat.patch openssl-1.0.1m-ecc-suiteb.patch openssl-1.0.1m-fips-mode.patch openssl-1.0.1m-version.patch openssl-1.0.1m-evp-devel.patch...

10CVSS0.2AI score0.99999EPSS
Exploits158
Rows per page
Query Builder