Lucene search
+L

522 matches found

OSV
OSV
added 2020/06/20 10:45 p.m.8 views

MGASA-2020-0268 Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...

7.4CVSS7.5AI score0.17507EPSS
Exploits3References3
Veracode
Veracode
added 2020/06/02 9:27 a.m.5 views

Man-in-the-middle (MitM)

kylin-engine-mr is vulnerable to man-in-the-middle MitM attack. It is possible because it uses insecure TLS in the function createEasySSLContext in DefaultSslProtocolSocketFactory.java, allowing a man-in-the-middle to intercept the connection...

3.3AI score
Exploits0
OSV
OSV
added 2020/05/28 12:15 p.m.2 views

DEBIAN-CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate...

6.5CVSS6.8AI score0.01933EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.32 views

Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability (cisco-sa-ftd-tls-dos-4v5nmWtZ)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a denial of service DoS vulnerability in its SSL/TLS handler component due to a communication error between internal functions. An unauthenticated, remote attacker can exploit this issue, by sending a...

8.6CVSS7.9AI score0.01956EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/04/17 12:0 a.m.5 views

The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out an “Lucky 13” attack and a attack that recovers the plaintext.

The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...

7.1CVSS6.3AI score0.03623EPSS
Exploits0References8Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/08 2:55 p.m.12 views

Security Bulletin: Resilient is vulnerable to TLS v1.0 and v1.1 connections

Summary Resilient versions before v35.2 are vulnerable to TLS v1.0 and v1.1 connections. These are no longer considered secure, therefore are not supported as of v35.2, Released in Jan 2020. Vulnerability Details CVEID: CVE-2019-4580 DESCRIPTION: IBM Resilient OnPrem uses weaker than expected...

0.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/30 6:15 p.m.33 views

Security Bulletin: IBM MegaRAID Storage Manager is affected by a vulnerability in TLS (CVE-2019-6485)

Summary The following vulnerability in TLS has been addressed by IBM MegaRAID Storage Manager. Vulnerability Details CVEID: CVE-2019-6485 DESCRIPTION: Citrix NetScaler Application Delivery Controller and NetScaler Gateway could allow a remote attacker to obtain sensitive information, caused by a...

5.9CVSS1.1AI score0.02315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/20 1:36 a.m.23 views

Security Bulletin: TLS padding vulnerability affects IBM Security Access Manager for DataPower (CVE-2014-8730)

Summary IBM Security Access Manager version 8.0.0.5 for DataPower is affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Security Access Manager version 8.0.0.5 for DataPower...

4.3CVSS1.1AI score0.1372EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.7 views

The vulnerability of the TLS protocol implementation in the Dovecot mail server, related to resource exhaustion, allows attackers to cause service failures.

The vulnerability of the Dovecot mail server’s TLS protocol implementation is related to a configuration error. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.1CVSS6.6AI score0.02602EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2020/02/26 10:43 a.m.10 views

SUSE-SU-2020:0488-1 Security update for nodejs6

This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

9.8CVSS8.4AI score0.57132EPSS
Exploits2References7
OSV
OSV
added 2020/02/25 7:57 a.m.37 views

ALSA-2020:0579 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...

9.8CVSS8.8AI score0.57132EPSS
Exploits2References7
Hacker One
Hacker One
added 2020/02/13 6:43 a.m.18 views

Razer: Insecure HostnameVerifier within WebView of Razer Pay Android (TLS Vulnerability)

The tester discovered the Razer Pay Android application was vulnerable to a client side hijack which could have allowed the capture of important user data. Razer Fintech thanks the tester for their clear PoC...

1.7AI score
Exploits0
NVD
NVD
added 2020/02/04 9:15 p.m.17 views

CVE-2015-2802

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...

7.5CVSS7.3AI score0.06375EPSS
Exploits0References5
Prion
Prion
added 2020/02/04 9:15 p.m.17 views

Information disclosure

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...

5CVSS6.8AI score0.06375EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2020/02/04 8:9 p.m.79 views

CVE-2015-2802

CVE-2015-2802 affects HP SiteScope 11.2/11.3 (Windows/Linux/S Solaris) and HP Asset Manager 9.30–9.32, 9.40–9.41, 9.50, plus Asset Manager Cloudsystem Chargeback 9.40. The vulnerability is a TLS RC4/Bar Mitzvah information disclosure, enabling a remote attacker to obtain sensitive information. Th...

7.5CVSS7.3AI score0.06375EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2020/02/04 8:9 p.m.21 views

CVE-2015-2802

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...

7.3AI score0.06375EPSS
Exploits0References5
OSV
OSV
added 2019/11/25 3:15 p.m.6 views

CVE-2019-13680

Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections...

5.3CVSS8.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2019/10/27 6:41 a.m.29 views

CVE-2019-2821

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human...

5.3CVSS4.9AI score0.01961EPSS
Exploits0References3
OSV
OSV
added 2019/10/07 2:21 p.m.5 views

OPENSUSE-SU-2019:2281-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. - CVE-2019-11494: Fixed a...

9.8CVSS8.6AI score0.62579EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2019/10/01 7:39 p.m.13 views

CVE-2019-0231

Handling of the closenotify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This...

7.5CVSS6.6AI score0.02201EPSS
Exploits0
Rows per page
Query Builder