Lucene search
K

298 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.25 views

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0634-1)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 important AV:N/AC:M/Au:N/C:P/I:N/A:N: Cryptographic Issues CWE-310 %NASLMINLEVEL 70300 C Tenable Network...

2.6CVSS7.6AI score0.0343EPSS
Exploits1References3
Prion
Prion
added 2014/02/22 5:5 p.m.26 views

Design/Logic Flaw

The SSLVerifySignedServerKeyExchange function in libsecurityssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a...

5.8CVSS6.5AI score0.05715EPSS
Exploits6References9Affected Software3
OpenVAS
OpenVAS
added 2012/09/11 12:0 a.m.12 views

Slackware Advisory SSA:2009-014-01 openssl

The remote host is missing an update as announced via advisory SSA:2009-014-01. OpenVAS Vulnerability Test $Id: esoftslkssa200901401.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

5.8CVSS7.5AI score0.05146EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.36 views

Scientific Linux Security Update : openssl on SL6.x i386/x86_64

A race condition flaw has been found in the OpenSSL TLS server extension parsing code, which could affect some multithreaded OpenSSL applications. Under certain specific conditions, it may be possible for a remote attacker to trigger this race condition and cause such an application to crash, or...

7.6CVSS8AI score0.22145EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.20 views

Scientific Linux Security Update : openssl on SL6.x i386/x86_64

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSLOPNETSCAPEREUSECIPHERCHANGEBUG option, possibly forcing the clien...

4.3CVSS6.9AI score0.09497EPSS
Exploits0References2
Nmap
Nmap
added 2012/07/07 2:38 p.m.424 views

tls-nextprotoneg NSE Script

Enumerates a TLS server's supported protocols by using the next protocol negotiation extension. This works by adding the next protocol negotiation extension in the client hello packet and parsing the returned server hello's NPN extension data. For more information, see: Script Arguments...

10CVSS0.99448EPSS
Exploits33
NVD
NVD
added 2012/01/27 12:55 a.m.26 views

CVE-2011-4354

crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...

5.8CVSS6.3AI score0.04044EPSS
Exploits0References8
OSV
OSV
added 2012/01/27 12:55 a.m.2 views

DEBIAN-CVE-2011-4354

crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...

5.8CVSS6.6AI score0.04044EPSS
Exploits0References1
Prion
Prion
added 2012/01/27 12:55 a.m.28 views

Authentication flaw

crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...

5.8CVSS6.8AI score0.04044EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2012/01/27 12:0 a.m.38 views

CVE-2011-4354

crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...

5.8CVSS6.2AI score0.04044EPSS
Exploits0
CVE
CVE
added 2012/01/27 12:0 a.m.89 views

CVE-2011-4354

OpenSSL vulnerability CVE-2011-4354 affects OpenSSL before 0.9.8h on 32-bit platforms, in the ECDH/ECDHE handshake with P-256 and P-384 curves, due to an incorrect modular reduction algorithm in bn_nist.c. This design flaw allows remote attackers to obtain the TLS server private key after multipl...

5.8CVSS6.3AI score0.04044EPSS
Exploits0References8Affected Software1
ThreatPost
ThreatPost
added 2011/05/25 6:28 p.m.16 views

Three Questions for Billy Brumley on the OpenSSL Timing Attack

Timing attacks have been a problem for designers of cryptosystems–as well as for people implementing those systems–for a long time. They’ve plagued just about every popular system, and although practical attacks have been demonstrated many times, the problem and what can be done to defend against...

0.2AI score
Exploits0References2
CERT
CERT
added 2011/05/17 12:0 a.m.59 views

OpenSSL leaks ECDSA private key through a remote timing attack

Overview The OpenSSL ladder implementation for scalar multiplication of points on elliptic curves over binary fields is susceptible to a timing attack vulnerability. This vulnerability can be used to steal the private key of a TLS server that authenticates with ECDSA signatures and binary curves...

2.6CVSS6AI score0.0343EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.29 views

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)

Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack CVE-2010-3864. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libopenssl-devel-3562. The...

7.6CVSS7.8AI score0.22145EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.30 views

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-1)

Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack. CVE-2010-3864 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

7.6CVSS7.6AI score0.22145EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2011/04/01 12:0 a.m.40 views

Fedora 13 : asterisk-1.6.2.17.2-1.fc13 (2011-3945)

The Asterisk Development Team has announced security releases for Asterisk branches 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2. These releases are available for immediate download at...

5CVSS5.5AI score0.02724EPSS
Exploits0References11
NVD
NVD
added 2011/03/31 10:55 p.m.18 views

CVE-2011-1175

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by establishing many short TCP sessions to services that use a certain...

5CVSS6.4AI score0.02724EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2011/03/31 10:0 p.m.21 views

CVE-2011-1175

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by establishing many short TCP sessions to services that use a certain...

5CVSS6.4AI score0.02724EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/03/29 12:0 a.m.30 views

Fedora 15 : asterisk-1.8.3.2-1.fc15 (2011-3958)

The Asterisk Development Team has announced security releases for Asterisk branches 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2. These releases are available for immediate download at...

5CVSS5.5AI score0.02724EPSS
Exploits0References11
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.28 views

AST-2011-004:

Product Asterisk Summary Remote crash vulnerability in TCP/TLS server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known No Reported On March 1, 2011 Reported By Blake Cornell [email protected] and Chris Maj [email protected]...

7.1AI score
Exploits0
Rows per page
Query Builder