Lucene search
K

63 matches found

Wired Threat Level
Wired Threat Level
added 2019/03/28 10:0 a.m.59 views

HTTPS Isn't Always as Secure as It Seems

A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear...

Exploits0
OSV
OSV
added 2019/03/08 8:24 a.m.5 views

SUSE-SU-2019:0572-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations bsc1117951 - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...

5.9CVSS5.3AI score0.17139EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:10 a.m.45 views

Security Bulletin: Vulnerability in RC4 cipher stream and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 bar mitzvah attack on SSL/TLS. Vulnerability Detail...

7.5CVSS0.6AI score0.73851EPSS
Exploits5
Veracode
Veracode
added 2019/01/28 3:23 a.m.20 views

Man-in-the-Middle (MitM)

kube-rbac-proxy is vulnerable to man-in-the-middle attack. Insecure ciphers and TLS 1.0 are used to establish an SSL connection between the client and server, which would allow a remote attacker to exploit TLS vulnerabilities and perform man-in-the-middle attacks to sniff traffic containing...

7.5CVSS7.3AI score0.00663EPSS
Exploits0References5Affected Software1
Kitploit
Kitploit
added 2018/11/24 12:43 p.m.1079 views

Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage...

9.8CVSS10AI score0.99999EPSS
Exploits346References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:25 p.m.40 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 5.0 , Version 6.0 and Version 7.0 that is used by Security Directory Integrator. Some of these issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also address...

5CVSS1AI score0.9986EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2018/02/13 3:0 p.m.1 views

EUVD-2018-1310

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session...

9.8CVSS9.6AI score0.03317EPSS
Exploits0References10
OSV
OSV
added 2018/01/08 7:29 p.m.8 views

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...

9.8CVSS9.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2017/12/07 1:51 p.m.21 views

Banking Apps Found Vulnerable to MITM Attacks

Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Computer Science at the...

7.6AI score
Exploits0References2
OSV
OSV
added 2017/10/27 12:51 p.m.5 views

SUSE-SU-2017:2872-2 Security update for MozillaFirefox, mozilla-nss

This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 bsc1060445 MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handsha...

10CVSS8.6AI score0.03641EPSS
Exploits3References12
Oracle linux
Oracle linux
added 2016/09/27 12:0 a.m.310 views

openssl security update

1.0.1e-48.3 - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TSOBJprintbio - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix...

10CVSS0.2AI score0.99999EPSS
Exploits133
OSV
OSV
added 2015/09/26 12:0 a.m.32 views

DLA-315-1 nss - security update

Bulletin has no description...

4.3CVSS4.8AI score0.03594EPSS
Exploits1
OSV
OSV
added 2015/05/11 8:10 p.m.8 views

MGASA-2015-0212 Updated async-http-client packages fix security vulnerabilities

Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle MITM attack...

4.3CVSS6.1AI score0.00993EPSS
Exploits0References3
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.43 views

mono security vulnerabilities

Multiple TLS related vulnerabilities...

7.5CVSS1.6AI score0.03539EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2014/08/25 8:44 a.m.7 views

MGASA-2014-0348 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...

5.8CVSS6.3AI score0.09149EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/04/16 12:0 a.m.59 views

AIX OpenSSL Advisory : ssl_advisory.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where th...

9.8CVSS7.8AI score0.87264EPSS
Exploits15References3
OpenVAS
OpenVAS
added 2013/02/11 12:0 a.m.50 views

CentOS Update for java CESA-2013:0245 centos6

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2013:0245 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

10CVSS0.5AI score0.08087EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2013/02/10 12:0 a.m.67 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130208)

Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-147...

10CVSS7.9AI score0.89987EPSS
Exploits10References23
Gentoo Linux
Gentoo Linux
added 2008/06/23 12:0 a.m.42 views

OpenSSL: Denial of service

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Ossi Herrala and Jukka Taimisto of Codenomicon discovered two vulnerabilities: A double free call in the...

4.3CVSS8.6AI score0.05EPSS
Exploits1
OSV
OSV
added 2006/07/07 12:5 a.m.8 views

CVE-2006-3411

TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys...

6.9AI score
Exploits0References5
Rows per page
Query Builder