Lucene search
K

155 matches found

CNVD
CNVD
added 2020/12/08 12:0 a.m.4 views

SIEMENS SICAM A8000 RTUs SSL Configuration Insecurity Vulnerability

The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...

7.3CVSS6.8AI score0.00564EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.10 views

多款Siemens产品安全漏洞

The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...

7.3CVSS7.2AI score0.00564EPSS
Exploits0References5
FireEye
FireEye
added 2020/04/02 12:0 a.m.18 views

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...

Exploits0References8
CVE
CVE
added 2020/02/25 3:38 p.m.84 views

CVE-2019-5137

The Moxa AWK-3131A Series (firmware 1.13) ServiceAgent uses a hard-coded cryptographic key, enabling decryption of network traffic to/from the device. CVE-2019-5137 (CVSSv3 7.5) details the root cause and impact (confidentiality HIGH). A vendor patch is available; apply the security update from M...

7.5CVSS7.5AI score0.02304EPSS
Exploits1References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/22 4:17 a.m.54 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...

5.9CVSS1.7AI score0.17139EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/08/14 5:15 p.m.1 views

DEBIAN-CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

8.1CVSS7.6AI score0.02691EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2019/08/13 12:0 a.m.55 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

8.1CVSS7AI score0.02691EPSS
Exploits2References7
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/08 7:20 p.m.47 views

Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)

Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2019-1559 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts...

5.9CVSS1AI score0.17139EPSS
Exploits0Affected Software1
Prion
Prion
added 2019/05/03 5:29 p.m.28 views

Design/Logic Flaw

A vulnerability in the Deterministic Random Bit Generator DRBG, also known as Pseudorandom Number Generator PRNG, used in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a cryptographic...

5CVSS7.5AI score0.01712EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2018/04/17 12:0 a.m.4 views

IBM BigFix Remote Control Encryption Issue Vulnerability (CNVD-2018-08559)

IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. An encryption issue vulnerability exists in IBM BigFix Remote Control. A remote attacker could exploit this vulnerability by performing a man-in-the-middle attack to decrypt traffic...

5.8CVSS6.8AI score0.00325EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/02/28 12:0 a.m.91 views

Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to...

5.9CVSS8.1AI score0.82112EPSS
Exploits2References7
CNVD
CNVD
added 2017/12/15 12:0 a.m.3 views

Radware Alteon Information Disclosure Vulnerability

Radware Alteon is an application delivery controller product from Radware Israel. A security vulnerability exists in Radware Alteon using firmware versions 31.0.0.0 through 31.0.3.0. An attacker could exploit the vulnerability to decrypt observed traffic and perform other private key operations...

5.9CVSS6.9AI score0.15577EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/10/18 4:12 p.m.9 views

wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a Wireles...

5.3CVSS7.3AI score0.01742EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2017/10/18 4:12 p.m.10 views

wpa_supplicant: Reinstallation of the group key in the group key handshake

A new exploitation technique called key reinstallation attacks KRACK affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key GTK during a group k...

5.3CVSS6.7AI score0.02285EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2017/10/17 9:38 p.m.7 views

wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake

A new exploitation technique called key reinstallation attacks KRACKs affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key PTK-TK during a...

6.8CVSS6.7AI score0.02388EPSS
Exploits0References7
Prion
Prion
added 2017/10/05 7:29 a.m.21 views

Design/Logic Flaw

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...

5CVSS8.3AI score0.01589EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/10/05 7:29 a.m.35 views

CVE-2017-12245

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...

8.6CVSS8.4AI score0.01589EPSS
Exploits0References2
CVE
CVE
added 2017/10/05 7:0 a.m.73 views

CVE-2017-12245

CVE-2017-12245 describes a memory-consumption DoS vulnerability in Cisco Firepower Threat Defense (FTD) Software’s SSL traffic decryption. Root cause: an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and communicates with the ASA handler, enabling an unauthentic...

8.6CVSS8.4AI score0.01589EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/10/05 7:0 a.m.38 views

CVE-2017-12245

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...

8.5AI score0.01589EPSS
Exploits0References2
Cisco
Cisco
added 2017/10/04 4:0 p.m.108 views

Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service DoS condition could develop because traffic can cease to be...

8.6CVSS8.5AI score0.01589EPSS
Exploits0References1
Rows per page
Query Builder