Lucene search
+L

588 matches found

Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.32 views

openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)

This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 bsc1119105 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack bsc1119069 - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS respond...

5.9CVSS6.1AI score0.44398EPSS
Exploits1References5
Oracle linux
Oracle linux
added 2019/03/13 12:0 a.m.321 views

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

10CVSS0.5AI score0.99999EPSS
Exploits185
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/21 11:30 a.m.42 views

Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384)

Summary IBM MQ Appliance has addressed the following Mozilla Network Security Services NSS vulnerability. Vulnerability Details CVEID: CVE-2018-12384 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caus...

5.9CVSS1AI score0.01496EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2019/01/15 9:17 a.m.25 views

Denial Of Service (DoS)

nss is vulnerable to denial of service DoS attacks. The vulnerability exists as a null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker...

7.5CVSS8.1AI score0.04302EPSS
Exploits0References12Affected Software1
Veracode
Veracode
added 2019/01/15 9:10 a.m.45 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service attacks. The attacks are due to a flaw in the way OpenSSL does the SSLv2 handshake messages. Therefore, when it has SSLv2 and EXPORT-grade cipher suites enabled, attackers can send malicious SSLv2 CLIENT-MASTER-Key messages to cause server failures...

5CVSS5AI score0.21247EPSS
Exploits0References61Affected Software2
Veracode
Veracode
added 2019/01/15 9:10 a.m.29 views

Cipher Bypass

OpenSSL is vulnerable to cipher bypasses. A malicious user can negotiate and complete an SSLv2 handshake with the server even if the ciphers have been disabled on the server. SSLv2 handshakes are vulnerable to man-in-the-middle attacks...

5.9CVSS6.8AI score0.10731EPSS
Exploits2References43Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.43 views

SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:0553-1)

OpenSSL was updated to fix various security issues. Following security issues were fixed : - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

7.5CVSS7.4AI score0.44503EPSS
Exploits1References25
OPENSUSE Linux
OPENSUSE Linux
added 2018/12/13 12:16 p.m.58 views

Security update for mozilla-nss (moderate)

This update for mozilla-nss to version 3.36.6 fixes the following issues: Security issues fixed: - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random bmo1483128, boo1106873 - CVE-2018-12404: Cache side-channel variant of the...

5.4AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/10/25 12:0 a.m.18 views

Amazon Linux AMI : nss (ALAS-2018-1095)

A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 C Tenable Network Security, Inc. The descriptive text and package checks in this...

5.9CVSS6AI score0.01496EPSS
Exploits0References2
Amazon
Amazon
added 2018/10/24 12:0 a.m.42 views

Medium: nss

Issue Overview: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 Affected Packages: nss Note: This advisory is applicable to Amazo...

5.9CVSS6.3AI score0.01496EPSS
Exploits0
Amazon
Amazon
added 2018/10/23 12:0 a.m.554 views

Medium: nss

Issue Overview: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 Affected Packages: nss Issue Correction: Run yum update nss or yu...

5.9CVSS6.3AI score0.01496EPSS
Exploits0
NVD
NVD
added 2018/08/17 2:29 p.m.24 views

CVE-2018-15355

Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...

5.9CVSS5.7AI score0.00787EPSS
Exploits0References1
Prion
Prion
added 2018/08/17 2:29 p.m.21 views

Code injection

Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...

4.3CVSS5.8AI score0.00787EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/08/17 2:0 p.m.31 views

CVE-2018-15355

Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...

5.8AI score0.00787EPSS
Exploits0References1
CVE
CVE
added 2018/08/17 2:0 p.m.48 views

CVE-2018-15355

The CVE concerns Kraftway 24F2XG Router, firmware 3.5.30.1118, where use of SSLv2/SSLv3 enables decryption of transmitted data. According to connected sources, a remote attacker could perform a man‑in‑the‑middle to decrypt traffic. CVSS metrics indicate Confidentiality Impact High (CVSS‑3.0: base...

5.9CVSS5.7AI score0.00787EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/08/03 3:43 p.m.4 views

SUSE-SU-2018:2181-1 Recommended update for yast2-ftp-server

This update for yast2-ftp-server fixes the following issues: Feature update: fate321043: Added additional searchkeys to desktop file. Security issues fixed: - bsc921303: Drop SSLv2 and SSLv3 as it is dropped for security reason for vsftpd. Bug fixes: - bsc1041829: Do not modify value when Browse...

7.3AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 4:23 a.m.34 views

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Security vulnerabilities have been discovered in the IBM SDK f...

7.5CVSS0.6AI score0.10731EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:36 a.m.24 views

Security Bulletin: A vulnerability in NSS affects PowerKVM

Summary PowerKVM is affected by a vulnerability in Network Security Services NSS. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7502 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a...

7.5CVSS0.9AI score0.04302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:28 a.m.51 views

Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified

Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect u...

9.8CVSS1.1AI score0.44505EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:28 a.m.54 views

Security Bulletin: Multiple vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified

Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free...

10CVSS1.4AI score0.32414EPSS
Exploits2Affected Software1
Rows per page
Query Builder