Lucene search
+L

65 matches found

Prion
Prion
added 2016/01/09 2:59 a.m.25 views

Code injection

Mozilla Network Security Services NSS before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof...

4.3CVSS6.8AI score0.0288EPSS
Exploits0References52Affected Software6
RedHat Linux
RedHat Linux
added 2016/01/08 1:39 a.m.4 views

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

5.9CVSS7.1AI score0.0288EPSS
Exploits0References7
OSV
OSV
added 2015/12/31 12:0 a.m.3 views

UBUNTU-CVE-2015-7575

Mozilla Network Security Services NSS before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof...

5.9CVSS6.6AI score0.0288EPSS
Exploits0References14
OSV
OSV
added 2015/12/06 8:59 p.m.4 views

DEBIAN-CVE-2015-3196

ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...

4.3CVSS8.9AI score0.12814EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2015/12/04 12:0 a.m.10 views

PT-2018-19151

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 2.1.11 mbed TLS versions prior to 2.7.2 mbed TLS versions prior to 2.8.0 Description The issue is related to a buffer over-read in the ssl parse server key exchange function, which could cause a crash when handling...

7.5CVSS6.8AI score0.02114EPSS
Exploits0References25
OSV
OSV
added 2015/12/04 12:0 a.m.3 views

UBUNTU-CVE-2015-1794

The ssl3getkeyexchange function in ssl/s3clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service segmentation fault via a zero p value in an anonymous Diffie-Hellman DH ServerKeyExchange message...

5CVSS6.9AI score0.0498EPSS
Exploits0References4
OSV
OSV
added 2015/12/03 12:0 a.m.1 views

UBUNTU-CVE-2015-3196

ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...

4.3CVSS6.8AI score0.12814EPSS
Exploits1References4
NVD
NVD
added 2015/10/09 5:59 a.m.20 views

CVE-2015-5887

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data...

10CVSS5.3AI score0.02461EPSS
Exploits0References4
Prion
Prion
added 2015/10/09 5:59 a.m.19 views

Design/Logic Flaw

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data...

10CVSS6.7AI score0.02461EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/10/09 1:0 a.m.25 views

CVE-2015-5887

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data...

6.2AI score0.02461EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/08/24 3:38 p.m.7 views

NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)

It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE Elliptic Curve Diffie-Hellman key Exchange. A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection...

4.3CVSS7.3AI score0.03275EPSS
Exploits1References5
OSV
OSV
added 2015/07/06 2:0 a.m.1 views

DEBIAN-CVE-2015-2721

Mozilla Network Security Services NSS before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle...

4.3CVSS8.4AI score0.03275EPSS
Exploits1References1
OSV
OSV
added 2015/07/05 12:0 a.m.5 views

UBUNTU-CVE-2015-2721

Mozilla Network Security Services NSS before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle...

4.3CVSS6.1AI score0.03275EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2015/06/25 6:17 a.m.4 views

NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)

It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE Elliptic Curve Diffie-Hellman key Exchange. A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection...

4.3CVSS7.3AI score0.03275EPSS
Exploits1References5
OSV
OSV
added 2015/01/09 2:59 a.m.5 views

DEBIAN-CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS6.3AI score0.06574EPSS
Exploits0References1
OSV
OSV
added 2015/01/08 12:0 a.m.13 views

UBUNTU-CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS6.7AI score0.06574EPSS
Exploits0References3
NVD
NVD
added 2014/02/22 5:5 p.m.35 views

CVE-2014-1266

The SSLVerifySignedServerKeyExchange function in libsecurityssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a...

7.4CVSS6.8AI score0.05715EPSS
Exploits6References9
Prion
Prion
added 2014/02/22 5:5 p.m.27 views

Design/Logic Flaw

The SSLVerifySignedServerKeyExchange function in libsecurityssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a...

5.8CVSS6.5AI score0.05715EPSS
Exploits6References9Affected Software3
Cvelist
Cvelist
added 2014/02/22 3:0 p.m.33 views

CVE-2014-1266

The SSLVerifySignedServerKeyExchange function in libsecurityssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a...

6.8AI score0.05715EPSS
Exploits6References9
ThreatPost
ThreatPost
added 2014/02/22 8:7 a.m.9 views

SSL Vulnerability Affects OSX Too

The certificate-validation vulnerability that Apple patched in iOS yesterday also affected Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam...

0.6AI score
Exploits0References5
Rows per page
Query Builder