Lucene search
+L

588 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/19 4:7 p.m.31 views

Security Bulletin: IBM Rational Build Forge is vulnerable to denial of service, weaker than expected security, and could allow a remote attacker to obtain sensitive information due to the use of OpenSSL

Summary IBM Rational Build Forge is vulnerable to denial of service, weaker than expected security, and could allow a remote attacker to obtain sensitive information due to the use of OpenSSL CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2020-1971, CVE-2020-1968. IBM has addressed these...

7.5CVSS7.1AI score0.50732EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 2:14 p.m.52 views

Security Bulletin: IBM Safer Payments is vulnerable to multiple OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

Summary IBM Safer Payments uses OpenSSL. These OpenSSL vulnerabilities are addressed in IBM Safer Payments. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of t...

7.5CVSS7.1AI score0.50732EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.25 views

Debian: Security Advisory (DLA-421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS8.1AI score0.10731EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.27 views

Debian: Security Advisory (DLA-971-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04302EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.32 views

K55143785: NSS vulnerability CVE-2017-7502

Security Advisory Description Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. CVE-2017-7502 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

7.5CVSS7.5AI score0.04302EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.76 views

K95463126: OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704

Security Advisory Description CVE-2016-0703 The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, whic...

5.9CVSS8AI score0.82112EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.47 views

K41738501: Mozilla NSS vulnerability CVE-2018-12384

Security Advisory Description When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not...

5.9CVSS6AI score0.01496EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.60 views

K16321: OpenSSL vulnerability CVE-2015-0293

Security Advisory Description The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message. CVE-2015-0293...

5CVSS6.7AI score0.21247EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
added 2023/02/21 6:44 p.m.43 views

K6734: Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

10CVSS7.8AI score0.48575EPSS
Exploits10
F5 Networks
F5 Networks
added 2023/02/21 5:34 p.m.70 views

K23196136: OpenSSL vulnerability CVE-2016-0800

Security Advisory Description The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to...

5.9CVSS7.9AI score0.82112EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 5:30 p.m.95 views

K33209124: OpenSSL vulnerability CVE-2015-3197

Security Advisory Description ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to t...

5.9CVSS8AI score0.10731EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.4 views

SUSE CVE-2015-3197

ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the getclientmasterkey and...

5.9CVSS6.7AI score0.10731EPSS
Exploits2References28
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.7 views

SUSE CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS6.2AI score0.82112EPSS
Exploits2References38
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7502

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker...

7.5CVSS9.2AI score0.04302EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.3 views

SUSE CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

4.8CVSS6.8AI score0.01496EPSS
Exploits0References14
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA40145 - [Pulse Secure] January 28th 2016 OpenSSL Security Advisory

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 28th 2016 the OpenSSL project announced two new security advisories. The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/secadv/20160128.tx...

5.9CVSS7AI score0.83645EPSS
Exploits2
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.25 views

SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 1st 2016 the OpenSSL project announced new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the following link:...

10CVSS7.4AI score0.82112EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/01/20 6:36 p.m.41 views

K61903372: OpenSSL vulnerability CVE-2021-23839

Security Advisory Description OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support...

4.3CVSS6.2AI score0.02961EPSS
Exploits0Affected Software3
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-3372-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.95707EPSS
Exploits7References2
CNVD
CNVD
added 2022/05/31 12:0 a.m.30 views

Command Execution Vulnerability in OpenSSL (CNVD-2022-51192)

OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports a variety of cryptographic algorithms , including symmetric ciphers , hash algorithms ,...

10CVSS7.6AI score0.83223EPSS
Exploits5References1
Rows per page
Query Builder