Lucene search
K

155 matches found

Cvelist
Cvelist
added 2017/08/30 7:0 p.m.23 views

CVE-2017-12735

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic...

7.3AI score0.01126EPSS
Exploits0References2
CNVD
CNVD
added 2017/08/26 12:0 a.m.5 views

Multiple Westermo Routers Hardcoded Password Vulnerability

The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...

7.1AI score
Exploits0References1
NVD
NVD
added 2017/08/25 4:29 p.m.16 views

CVE-2016-5816

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source...

7.5CVSS7.7AI score0.01532EPSS
Exploits0References1
rapid7community
rapid7community
added 2017/05/17 9:31 p.m.47 views

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. ...

7.4AI score0.00376EPSS
Exploits0
Prion
Prion
added 2017/04/07 5:59 p.m.20 views

Design/Logic Flaw

A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process consumes a high level of CPU resources. Affected Products...

7.1CVSS5.8AI score0.01473EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2017/04/07 12:0 a.m.4 views

PT-2017-16156 · Cisco · Cisco Firepower System

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions 6.0.0 through 6.2.1 Description: A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets could allow an unauthenticated, remote attacker to cause a denial of service DoS...

7.1CVSS7.3AI score0.01473EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/09/08 12:0 a.m.254 views

Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL Vulnerabilities

The self-reported SGOS version installed on the remote Blue Coat ProxySG device is 6.5.x prior to 6.5.9.8 or 6.6.x prior to 6.6.4.1. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - Multiple flaws exist in the aesnicbchmacsha1cipher function in file...

10CVSS7.7AI score0.89058EPSS
Exploits7References4
Kitploit
Kitploit
added 2016/06/14 9:53 p.m.37 views

RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)

Ruby in the middle RITM is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation gem install ritm Basic usage 1. Write you...

7.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/03/03 12:0 a.m.61 views

OpenSSL SSLv2 DROWN Attack Vulnerability - Windows

OpenSSL is prone to the DROWN attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescripti...

5.9CVSS8.1AI score0.82112EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2016/03/01 12:0 a.m.740 views

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN Decrypting RSA with Obsolete and Weakened eNcryption. This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 SSLv...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References3
myhack58
myhack58
added 2016/02/03 12:0 a.m.22 views

OpenSSL high-risk vulnerabilities allow attackers to decrypt HTTPS traffic-bug warning-the black bar safety net

OpenSSL maintainer to fix a high risk vulnerability allows an attacker can obtain the decryption of HTTPS and other encrypted traffic key. Vulnerability the potential impact of While serious, but the need to meet multiple criteria to be used: the vulnerability exists only in OpenSSL 1.0.2; rely o...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2015/12/18 12:0 a.m.16 views

Multiple Security issues with ScreenOS (JSA10713)

ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet and to unauthorized decrypting of VPN traffic SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

10CVSS8.1AI score0.614EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2015/12/07 12:0 a.m.70 views

Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 6.4.10 or 7.0.0-OD-02. It is, therefore, potentially affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with...

5CVSS5.8AI score0.74006EPSS
Exploits0References2
CNVD
CNVD
added 2015/08/18 12:0 a.m.6 views

Microsoft XML Core Services Man-in-the-Middle Information Disclosure Vulnerability (CNVD-2015-05495)

Microsoft XML Core Services MSXML is a user to allow the use of JScript, VBScript and Visual Studio 6.0 users to develop XML-based applications , in order to interoperate with other applications that follow the XML 1.0 standard . A security vulnerability exists in Microsoft XML Core Services that...

4.3CVSS6.7AI score0.15539EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/08/04 5:13 p.m.8 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2015/07/30 5:14 p.m.11 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2015/07/22 7:56 p.m.12 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2015/07/22 7:33 p.m.12 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2015/07/15 12:37 p.m.6 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
CNVD
CNVD
added 2015/07/08 12:0 a.m.6 views

Mono SSLv2 Fallback Security Bypass Vulnerability

Mono is a free and open source project. The goal of the project is to create a series of ECMA-compliant Ecma-334 and Ecma-335 .NET tools , including the C compiler and common language architecture . A security bypass vulnerability exists in Mono that stems from an error in the TLS state machine. ...

9.8CVSS6.7AI score0.03539EPSS
Exploits0References1
Rows per page
Query Builder