EUVD-2016-7256

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-6329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to the Sweet32 attack.

Summary The 3DES cipher was available in some TLS cipher suites. Vulnerability Details CVEID:CVE-2016-2183 DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which...

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-2183)

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

Linux Distros Unpatched Vulnerability : CVE-2016-2183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billi...

Weak Cryptography

github.com/kyverno/kyverno is vulnerable to Weak Cryptography. The vulnerability exits due the use of insecure ciphers such as TLSECDHERSAWITH3DESEDECBCSHA secp256r1 and TLSRSAWITH3DESEDECBCSHA rsa 2048, which are known to be vulnerable to the Sweet32 attack...

K30315990: OpenVPN vulnerability CVE-2016-6329

Security Advisory Description OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...

SUSE CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

SUSE CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

Mageia: Security Advisory (MGASA-2016-0338)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Python < 2.7.13, 3.4.x < 3.4.7, 3.5.x < 3.5.3 Sweet32 attack (bpo-27850) - Linux

Python is prone to a SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2838-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sweet32 Attack

OpenVPN is vulnerable to Sweet32 Attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

PT-2020-13308 · Ericsson +1 · Erlang/Otp +1

Name of the Vulnerable Software and Affected Versions: Yaws versions 2.0.2 through 2.0.7 Description: The issue concerns the loading of obsolete TLS ciphers in Yaws, which can be exploited for Sweet32 attacks. This occurs when Yaws is running on an Erlang/OTP virtual machine with a version less...

SWEET32 Attack

github.com/mholt/caddy is vulnerable to birthday attacks. The attacks exist because it uses weak ciphers for default TLS configurations, leaving the attackers to easily find collisions...

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

SUSE-SU-2017:2838-1 Security update for openvpn

This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. bsc1060877. - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn...

EulerOS 2.0 SP1 : python (EulerOS-SA-2016-1090)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximate...

SUSE-SU-2017:0839-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remo...

New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Hi, I get in touch to report that cloud.newrelic.com is vulnerable to CVE-2014-3566 POODLE. Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM Man-in-the-middle attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network...