Lucene search
+L

588 matches found

OpenVAS
OpenVAS
added 2021/02/17 12:0 a.m.24 views

OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Windows

OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

4.3CVSS5.7AI score0.02961EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/02/17 12:0 a.m.20 views

OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Linux

OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

4.3CVSS5.7AI score0.02961EPSS
Exploits0References1
OSV
OSV
added 2021/02/16 5:15 p.m.57 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

3.7CVSS1.9AI score
Exploits0References10
UbuntuCve
UbuntuCve
added 2021/02/16 5:15 p.m.34 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3CVSS6.7AI score0.02961EPSS
Exploits0References4
Prion
Prion
added 2021/02/16 5:15 p.m.24 views

Design/Logic Flaw

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3CVSS5.4AI score0.02961EPSS
Exploits0References9Affected Software8
Vulnrichment
Vulnrichment
added 2021/02/16 4:55 p.m.23 views

CVE-2021-23839 Incorrect SSLv2 rollback protection

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

6.5AI score0.02961EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2021/02/16 4:55 p.m.28 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3CVSS5.6AI score0.02961EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/02/16 4:55 p.m.52 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3CVSS5.7AI score0.02961EPSS
Exploits0
Cvelist
Cvelist
added 2021/02/16 4:55 p.m.23 views

CVE-2021-23839 Incorrect SSLv2 rollback protection

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

5.8AI score0.02961EPSS
Exploits0References10
CVE
CVE
added 2021/02/16 4:55 p.m.298 views

CVE-2021-23839

CVE-2021-23839 describes a padding-check logic error in OpenSSL 1.0.2 (affecting 1.0.2s–1.0.2x) where RSA_padding_check_SSLv23() mis-handles SSLv2 rollback protection. The bug causes a server configured for SSLv2 in combination with newer TLS versions to accept connections when a version-rollback...

4.3CVSS5.5AI score0.02961EPSS
Exploits0References10Affected Software1
OpenSSL
OpenSSL
added 2021/02/16 12:0 a.m.80 views

Vulnerability in OpenSSL - Incorrect SSLv2 rollback protection

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

5.6AI score0.02961EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2020/12/06 3:51 a.m.13 views

Arbitrary Code Execution

ssldump is vulnerable to arbitrary code execution. A buffer underflow allows remote attackers to cause a denial of service memory corruption via a malicious SSLv2 challenge value...

10CVSS7.9AI score0.02977EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2020/04/10 12:12 a.m.32 views

Arbitrary Code Execution

thunderbird is vulnerable to arbitrary code execution. Two buffer overflow flaws were found in the Network Security Services NSS code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird...

6.8CVSS4AI score0.5036EPSS
Exploits0References70Affected Software5
Veracode
Veracode
added 2020/04/10 12:12 a.m.34 views

Arbitrary Code Execution

mozilla nss is vulnerable to arbitrary code execution. Two buffer overflow flaws were found in the Network Security Services NSS code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird...

6.8CVSS4.2AI score0.04335EPSS
Exploits0References78Affected Software5
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1109)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04302EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-1169)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.4AI score0.01496EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1108)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04302EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-1397)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.03153EPSS
Exploits0References2
Fedora
Fedora
added 2020/01/21 1:40 a.m.16 views

[SECURITY] Fedora 31 Update: nss-3.49.0-1.fc31

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.229 views

SSLv2-Only Open Ports Unsupported

This plugin detects if the remote host has any open ports which only support SSLv2. This protocol has been deprecated since 2011 because of security vulnerabilities and most major SSL libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL do not provide this functionality in their latest versions...

5.8AI score
Exploits0References1
Rows per page
Query Builder