Lucene search
K

149 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.32 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Connect:Express for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Connect:Express for UNIX Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5CVSS0.9AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.97 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5CVSS0.6AI score0.74006EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/01 8:19 a.m.29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational DOORS Web Access (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational DOORS Web Access. Vulnerability Details Rational DOORS Web Access is affected by the following vulnerabilities disclosed in and corrected by the JRE critical patch updates: CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, a...

5CVSS0.1AI score0.74006EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:9 a.m.29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...

5CVSS0.4AI score0.74006EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/12/18 3:15 p.m.2 views

DEBIAN-CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4CVSS7.5AI score0.01379EPSS
Exploits1References1
Prion
Prion
added 2019/12/18 3:15 p.m.16 views

Information disclosure

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

5.8CVSS7AI score0.01379EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2019/12/18 3:15 p.m.20 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4CVSS7.2AI score0.01379EPSS
Exploits1References4
Cvelist
Cvelist
added 2019/12/18 2:31 p.m.18 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4CVSS7AI score0.01379EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2019/12/18 2:31 p.m.18 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4CVSS7AI score0.01379EPSS
Exploits1
OSV
OSV
added 2019/12/03 10:15 p.m.2 views

DEBIAN-CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.8AI score0.02289EPSS
Exploits1References1
OSV
OSV
added 2019/12/03 10:15 p.m.2 views

UBUNTU-CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.7AI score0.02289EPSS
Exploits1References4
Prion
Prion
added 2019/12/03 10:15 p.m.17 views

Denial of service

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

4.3CVSS7.4AI score0.02289EPSS
Exploits1References3Affected Software3
Debian CVE
Debian CVE
added 2019/12/03 9:55 p.m.19 views

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.5AI score0.02289EPSS
Exploits1
Talos
Talos
added 2019/12/03 12:0 a.m.35 views

Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...

7.4CVSS7.3AI score0.01379EPSS
Exploits1
Talos
Talos
added 2019/12/03 12:0 a.m.289 views

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.6AI score0.02289EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.17 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Netezza Platform Software (CVE-2015-2808)

Summary The RC4 Bar Mitzvah Attack for SSL/TLS affects IBM Netezza Platform Software. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...

5CVSS0.7AI score0.74006EPSS
Exploits0Affected Software1
Schneier on Security
Schneier on Security
added 2019/10/04 5:4 p.m.104 views

More Cryptanalysis of Solitaire

In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I mad...

0.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/05 12:59 p.m.60 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Personal Communications (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Personal Communications. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...

5CVSS6.5AI score0.74006EPSS
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2019/02/08 9:4 p.m.264 views

Google Boosts Encryption For Low-End Android Devices

Google introduced a new storage encryption solution that it hopes will expand security efforts across its full spectrum of Android-powered devices – including low-end devices that typically can’t support encryption. The new encryption offering, Adiantum, aims to solve a big issue that has plagued...

1.1AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.26 views

Security Bulletin: Vulnerability in RC4 stream cipher affects MegaRAID Storage Manager (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the vulnerability. Vulnerability Details Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the...

5CVSS1AI score0.74006EPSS
Exploits0Affected Software1
Rows per page
Query Builder