Lucene search
+L

471 matches found

CNVD
CNVD
added 2016/09/21 12:0 a.m.3 views

Metasploit config.action_dispatch.cookies_serializer deserialization vulnerability

Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate mitigations for vulnerabilities, and manage expert-driven security for assessments that provide true security risk intelligence. A deserialization...

8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/01/08 1:26 a.m.3 views

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

5.9CVSS7.1AI score0.0288EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2014/04/14 12:0 a.m.40 views

FreeBSD : OpenSSL -- Local Information Disclosure (7ccd4def-c1be-11e3-9d09-000c2980a9f3)

OpenSSL reports : A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it. %NASLMINLEVEL 70300 C Tenable Network Security, In...

1.9CVSS7.1AI score0.00942EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2014/04/07 12:0 a.m.38 views

OpenSSL -- Local Information Disclosure

OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...

1.9CVSS6.4AI score0.00942EPSS
Exploits1References1
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.66 views

[ MDVSA-2013:241 ] perl-Crypt-DSA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:241 http://www.mandriva.com/en/support/security/ Package : perl-Crypt-DSA Date : September 25, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discover...

5.8CVSS6.2AI score0.01958EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.22 views

Scientific Linux Security Update : GPG-RPM key on SL3.x, SL4.x, SL5.x i386/x86_64

Updating the GPG keys in the release to include a Scientific Linux RPM signing key to sign the rpm's with. We will start using this new key, and stop using Connie or Troy's personal GPG Keys for signing rpm's. This is labeled as Moderate because those machines that have gpg checking turned on wil...

5.5AI score
Exploits0References1
ThreatPost
ThreatPost
added 2012/05/24 11:45 a.m.9 views

Yahoo Includes Private Key in Source File For Axis Chrome Extension

Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser wil...

0.4AI score
Exploits0References3
NVD
NVD
added 2011/10/10 10:55 a.m.31 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS6.4AI score0.01958EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2011/10/10 10:55 a.m.25 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS5.9AI score0.01958EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2011/10/10 10:0 a.m.84 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS6.4AI score0.01958EPSS
Exploits0
Cvelist
Cvelist
added 2008/03/06 12:0 a.m.22 views

CVE-2008-1184

The DNSSEC validation library libval library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks...

6.3AI score0.0127EPSS
Exploits0References8
Rows per page
Query Builder