Lucene search

19 matches found

Positive Technologies
added 2024/08/10 12:0 a.m. · 2 views

PT-2024-37164 · Br · B&R Automation Runtime

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.0.2 Description: The issue concerns the use of Diffie-Hellman groups with insufficient strength in the SSL/TLS stack, allowing a network attacker to decrypt the SSL/TLS communication. Recommendations...

CVSS 8.3 · AI score 7.2 · EPSS 0.00097
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:4 a.m. · 2 views

SUSE CVE-2016-3125

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

CVSS 7.5 · AI score 7.2 · EPSS 0.01371
Exploits: 0 · References: 3

Veracode
added 2019/05/02 5:3 a.m. · 6 views

Denial Of Service (DoS)

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way N...

CVSS 10 · AI score 7.7 · EPSS 0.0325
Exploits: 5 · References: 40 · Affected Software: 3

IBM Security Bulletins
added 2018/08/09 4:20 a.m. · 42 views

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™

Summary: This bulletin describes CVE-2015-3197 that was reported on January 26, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details: CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of...

CVSS 7.5 · AI score 0.8 · EPSS 0.22185
Exploits: 4 · Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:5 a.m. · 28 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2016-0701, CVE-2015-3197)

Summary: OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-0701 DESCRIPTION: OpenSSL...

CVSS 5.9 · AI score 1 · EPSS 0.27483
Exploits: 2 · Affected Software: 1

Tenable Nessus
added 2018/02/12 12:0 a.m. · 37 views

ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the mod_tls module, which might cause a weaker than intended...

CVSS 7.5 · AI score 7.2 · EPSS 0.01371
Exploits: 0 · References: 2

OSV
added 2016/04/05 8:59 p.m. · 1 views

DEBIAN-CVE-2016-3125

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

CVSS 7.5 · AI score 7.2 · EPSS 0.01371
Exploits: 0 · References: 1

Hacker One
added 2016/02/19 5:10 p.m. · 17 views

Gratipay: strengthen Diffie-Hellman (DH) key exchange parameters in grtp.co

Hi, server supports weak Diffie-Hellman (DH) key exchange parameters in grtp.co. PoC: https://www.ssllabs.com/ssltest/analyze.html?d=grtp.co More description about weak Diffie-Hellman (DH) key exchange parameters: https://weakdh.org/...

AI score 0.6
Exploits: 0

Tenable Nessus
added 2016/02/03 12:0 a.m. · 28 views

openSUSE Security Update : openldap2 (openSUSE-2016-104) (Logjam)

This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak...

CVSS 5 · AI score 7.1 · EPSS 0.92346
Exploits: 1 · References: 6

OpenVAS
added 2016/01/28 12:0 a.m. · 23 views

openSUSE: Security Advisory for openldap2 (openSUSE-SU-2016:0255-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5 · AI score 5.5 · EPSS 0.92346
Exploits: 1 · References: 1

OPENSUSE Linux
added 2016/01/27 7:11 p.m. · 25 views

Security update for openldap2 (important)

This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak...

CVSS 5 · AI score 1.6 · EPSS 0.92346
Exploits: 1 · References: 3

OPENSUSE Linux
added 2016/01/27 11:11 a.m. · 35 views

Security update for openldap2 (important)

This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak...

CVSS 5 · AI score 1.9 · EPSS 0.92346
Exploits: 1 · References: 4

Tenable Nessus
added 2016/01/26 12:0 a.m. · 27 views

openSUSE Security Update : openldap2 (openSUSE-2016-92) (Logjam)

This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak...

CVSS 5 · AI score 7.1 · EPSS 0.92346
Exploits: 1 · References: 6

Tenable Nessus
added 2016/01/26 12:0 a.m. · 43 views

SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2016:0224-1) (Logjam)

This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak...

CVSS 5 · AI score 7.1 · EPSS 0.92346
Exploits: 1 · References: 8

OSV
added 2016/01/25 8:47 a.m. · 5 views

SUSE-SU-2016:0224-1 Security update for openldap2

This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak...

CVSS 5 · AI score 6.3 · EPSS 0.92346
Exploits: 1 · References: 6

OpenVAS
added 2015/05/13 12:0 a.m. · 47 views

Microsoft Schannel Information Disclosure Vulnerability (3061518)

This host is missing an important security update according to Microsoft Bulletin MS15-055. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5 · AI score 4.7 · EPSS 0.18434
Exploits: 0 · References: 3

Tenable Nessus
added 2014/09/29 12:0 a.m. · 50 views

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916)

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker coul...

CVSS 10 · AI score 7.9 · EPSS 0.02889
Exploits: 5 · References: 6

Tenable Nessus
added 2011/04/11 12:0 a.m. · 143 views

SSL Server Accepts Weak Diffie-Hellman Keys

The remote SSL/TLS server accepts a weak Diffie-Hellman (DH) public key value. This flaw may aid an attacker in conducting a man-in-the-middle (MiTM) attack against the remote server since it could enable a forced calculation of a fully predictable Diffie-Hellman secret. By itself, this flaw is not...

CVSS 4 · AI score 6.2 · EPSS 0.00357
Exploits: 0 · References: 3

Gentoo Linux
added 2005/08/25 12:0 a.m. · 26 views

Tor: Information disclosure

Background: Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description: The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Impact: By setting up a malicio...

CVSS 5 · AI score 6.3 · EPSS 0.00408
Exploits: 0