Lucene search
+L

522 matches found

NVD
NVD
added 2017/07/10 8:29 p.m.17 views

CVE-2017-5652

During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...

7.5CVSS7.5AI score0.01217EPSS
Exploits1References2
CNVD
CNVD
added 2017/04/21 12:0 a.m.5 views

ARM mbedTLS Remote Code Execution Vulnerability

ARM mbed TLS formerly PolarSSL is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in ARM mbed TLS versions prior to 1.3.19, 2.x versions prior to 2.1.7, and 2.4.x versions prior to 2.4.2. A remote attacker cou...

8.1CVSS8.3AI score0.0339EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2017/03/03 12:0 a.m.267 views

RedHat Update for openssl RHSA-2017:0286-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.2AI score0.57595EPSS
Exploits2References2
Hacker One
Hacker One
added 2017/02/18 8:36 p.m.230 views

Open-Xchange: SSL Certification Expired And TLS Vulnerability

I Found SSL Certification Expired at https://licenses.dovecot.fi/ I Found Vulnerability CVE-2016-2183 lists.dovecot.fi CVE-2016-2183 Description : A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover...

5CVSS0.2AI score0.95707EPSS
Exploits7
seebug.org
seebug.org
added 2017/02/10 12:0 a.m.85 views

F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)

Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...

5CVSS7.8AI score0.74EPSS
Exploits7
OSV
OSV
added 2016/11/25 2:45 p.m.6 views

SUSE-SU-2016:2915-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - insecure SSL/TLS key and certificate file creation CVE-2016-4983 bnc 984639 - Fix LDAP based authentication for some setups boo 1003952...

3.3CVSS4.1AI score0.00395EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2016/09/26 7:59 p.m.48 views

CVE-2016-6307

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted TLS messages, related to statem/statem.c and statem/statemlib.c...

5.9CVSS6.9AI score0.13837EPSS
Exploits0References2
CNVD
CNVD
added 2016/09/19 12:0 a.m.5 views

EMC RSA BSAFE Micro Edition Suite TLS Man-in-the-Middle Attack Vulnerability

EMC RSA BSAFE Micro Edition Suite MES is an encryption toolkit from EMC Corporation. The toolkit helps developers achieve stable and secure application design.TLS Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating...

6.7AI score
Exploits0References1
Prion
Prion
added 2016/08/08 1:59 a.m.15 views

Default credentials

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors...

4.3CVSS6.1AI score0.01438EPSS
Exploits0References9Affected Software2
ThreatPost
ThreatPost
added 2016/04/05 2:52 p.m.13 views

BREACH Revived to Steal Private Messages from Gmail, Facebook

The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of th...

0.2AI score
Exploits0References3
OSV
OSV
added 2016/03/15 12:58 p.m.15 views

SUSE-SU-2016:0770-1 Security update for java-1_6_0-ibm

This update for java-160-ibm fixes the following issues by updating to 6.0-16.20 bsc963937 - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

10CVSS8AI score0.14714EPSS
Exploits1References15
myhack58
myhack58
added 2016/03/07 12:0 a.m.22 views

Drown cross-Protocol attack on the TLS vulnerability analysis-vulnerability warning-the black bar safety net

Ticker 2 0 1 6 years 3 month 2 days, the OpenSSL official released a new security Bulletin. Mentioned in the post to fix a high risk vulnerability--DROWN cross-Protocol attack on the TLS vulnerability. Baidu cloud security threat management team joint Baidu security Emergency Response Center the...

Exploits0
ThreatPost
ThreatPost
added 2016/03/01 12:30 p.m.55 views

DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack

Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...

4.3CVSS0.82112EPSS
Exploits2References7
OSV
OSV
added 2016/02/11 10:52 a.m.17 views

SUSE-SU-2016:0433-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues by updating to 7.0-9.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

10CVSS8AI score0.14714EPSS
Exploits1References14
Prion
Prion
added 2016/01/01 5:59 a.m.14 views

Code injection

IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service MQXR service crash via unspecified vectors...

5CVSS7AI score0.02367EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2015/11/24 12:31 a.m.43 views

Radancy: RC4 cipher suites detected

A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...

0.4AI score
Exploits0
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.57 views

Oracle: Security Advisory (ELSA-2014-0625)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.99977EPSS
Exploits13References2
Cvelist
Cvelist
added 2015/08/20 10:0 a.m.32 views

CVE-2015-0535

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, relate...

6.6AI score0.0106EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/08/11 12:0 a.m.245 views

AIX 6.1 TL 8 : sendmail (IV75644) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...

4.3CVSS7.3AI score0.9986EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/07/30 5:14 p.m.11 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
Rows per page
Query Builder