Lucene search
+L

203 matches found

BDU FSTEC
BDU FSTEC
added 2018/08/17 12:0 a.m.7 views

The vulnerability of the IKE protocol implementation in Cisco IOS and Cisco IOS XE operating systems allows attackers to gain access to protected information.

The vulnerability of the IKE protocol’s implementation in Cisco IOS and Cisco IOS XE operating systems is related to decoding errors in traffic. Exploiting this vulnerability can allow a malicious actor to gain access to session keys and decode traffic by sending specially crafted data packets to...

5.9CVSS5.5AI score0.01722EPSS
Exploits0References5Affected Software2
UbuntuCve
UbuntuCve
added 2018/07/27 6:29 p.m.25 views

CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

6.5CVSS6.7AI score0.00534EPSS
Exploits3References4
OSV
OSV
added 2018/07/27 6:29 p.m.2 views

DEBIAN-CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

5.5CVSS9.1AI score0.00534EPSS
Exploits3References1
OSV
OSV
added 2018/07/27 6:29 p.m.2 views

ALPINE-CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

5.5CVSS6.5AI score0.00534EPSS
Exploits3References1
AlpineLinux
AlpineLinux
added 2018/07/27 6:0 p.m.62 views

CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

6.5CVSS5.6AI score0.00534EPSS
Exploits3
Debian CVE
Debian CVE
added 2018/07/27 6:0 p.m.29 views

CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

6.5CVSS6.1AI score0.00534EPSS
Exploits3
Prion
Prion
added 2018/05/17 1:29 p.m.23 views

Session fixation

Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required...

4.3CVSS5.5AI score0.01609EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/17 1:29 p.m.6 views

CVE-2017-15533

Symantec SSL Visibility SSLV 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remo...

5.9CVSS5.8AI score0.01929EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/02 12:0 a.m.49 views

SUSE SLED12 / SLES12 Security Update : libXdmcp (SUSE-SU-2018:0338-1)

This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directly from th...

6.5CVSS6.5AI score0.00534EPSS
Exploits3References4
CNVD
CNVD
added 2017/11/06 12:0 a.m.4 views

Catalyst Mahara Cross-Site Request Forgery Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 1.9 prior to 1.9.8, 1.10 prior to 1.10.6, and 15.04 prior to 15.04.3, which stems from the...

6.8CVSS6.8AI score0.00403EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.31 views

EulerOS 2.0 SP1 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1211)

According to the versions of the libXpm, libXdmcp, libICE packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash...

9.8CVSS6.6AI score0.07528EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.39 views

EulerOS 2.0 SP2 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1212)

According to the versions of the libXpm, libXdmcp, libICE packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash...

9.8CVSS6.6AI score0.07528EPSS
Exploits3References4
OSV
OSV
added 2017/09/07 9:7 a.m.6 views

MGASA-2017-0330 Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

6.5CVSS6.6AI score0.00534EPSS
Exploits3References3
Mageia
Mageia
added 2017/09/07 9:7 a.m.46 views

Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

6.5CVSS1.7AI score0.00534EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2017/08/04 12:0 a.m.63 views

RedHat Update for X.org X11 libraries RHSA-2017:1865-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.3AI score0.07528EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2017/08/01 1:50 p.m.5 views

libXdmcp: weak entropy usage for session keys

It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

6.5CVSS5.8AI score0.00534EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2017/07/07 12:0 a.m.33 views

openSUSE Security Update : libXdmcp (openSUSE-2017-789)

This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable boo1025046 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

6.5CVSS6.4AI score0.00534EPSS
Exploits3References2
Prion
Prion
added 2017/06/11 2:29 a.m.21 views

Code injection

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

4.3CVSS6.7AI score0.02318EPSS
Exploits0References7Affected Software1
FreeBSD
FreeBSD
added 2017/04/04 12:0 a.m.44 views

libXdmcp -- insufficient entropy generating session keys

The freedesktop and x.org project reports: It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4randombuf but with getentropy. On a multi-user system using xdmcp, a local attacker could potentially use information available from the...

6.5CVSS1.7AI score0.00534EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2017/03/01 12:18 a.m.32 views

CVE-2017-2625

It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

6.5CVSS3.5AI score0.00534EPSS
Exploits3References1
Rows per page
Query Builder