Lucene search
K

588 matches found

Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.224 views

Deprecated SSLv2 Connection Attempts

This plugin enumerates and reports any SSLv2 connections which were attempted as part of a scan. This protocol has been deemed prohibited since 2011 because of security vulnerabilities and most major ssl libraries such as openssl, nss, mbed and wolfssl do not provide this functionality in their...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/11/19 12:0 a.m.155 views

SSLv2-Only Open Ports

This plugin detects if the remote host has any open ports which only support SSLv2. This protocol has been deprecated since 2011 because of security vulnerabilities and most major SSL libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL do not provide this functionality in their latest versions...

5.4AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.52 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Cast Iron

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron. WebSphere Cast Iron has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability Vulnerability Details...

10CVSS0.8AI score0.82112EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2019/11/13 6:30 p.m.23 views

CVE-2010-4533

offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies...

9.6AI score0.01033EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2019/11/13 6:30 p.m.45 views

CVE-2010-4533

Removed by vendor...

9.8CVSS9.5AI score0.01033EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/10/09 10:23 p.m.30 views

CVE-2018-12384

A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...

5.9CVSS2.2AI score0.01496EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2019/08/16 12:0 a.m.460 views

openssl security update

1.0.1e-58.0.1 - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.1e-58 - fi...

10CVSS0.1AI score0.99999EPSS
Exploits179
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.36 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption v...

10CVSS8.8AI score0.87264EPSS
Exploits59References25
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.27 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attack...

7.5CVSS6.5AI score0.04399EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.47 views

NewStart CGSL MAIN 4.05 : nss Multiple Vulnerabilities (NS-SA-2019-0105)

The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by multiple vulnerabilities: - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted...

9.8CVSS8.4AI score0.04741EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.44 views

EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)

According to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero...

7.5CVSS7.8AI score0.03153EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.29 views

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL...

7.5CVSS9.1AI score0.9986EPSS
Exploits23References21
OSV
OSV
added 2019/04/29 3:29 p.m.32 views

CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9CVSS6.5AI score0.01496EPSS
Exploits0References2
NVD
NVD
added 2019/04/29 3:29 p.m.25 views

CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9CVSS5.6AI score0.01496EPSS
Exploits0References2
Prion
Prion
added 2019/04/29 3:29 p.m.22 views

Design/Logic Flaw

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

4.3CVSS5.7AI score0.01496EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/29 2:22 p.m.23 views

CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9AI score0.01496EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/04/29 2:22 p.m.26 views

CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9CVSS6.3AI score0.01496EPSS
Exploits0
CVE
CVE
added 2019/04/29 2:22 p.m.253 views

CVE-2018-12384

The CVE-2018-12384 issue affects Mozilla NSS (as used by Firefox) where handling an SSLv2-compatible ClientHello uses an all-zero random value instead of a fresh one, enabling malleability and potential information leakage in TLS 1.2 on affected NSS versions prior to 3.39. The vulnerability does ...

5.9CVSS5.9AI score0.01496EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2019/04/29 2:22 p.m.47 views

CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9CVSS6.2AI score0.01496EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.24 views

EulerOS Virtualization 2.5.3 : nss (EulerOS-SA-2019-1169)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A...

5.9CVSS6.1AI score0.01496EPSS
Exploits0References2
Rows per page
Query Builder