Lucene search
+L

190 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.40 views

openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)

The following vulnerabilities have been fixed in curl : - IMAP, POP3 and SMTP URL sanitization vulnerability CVE-2012-0036 - disable SSLOPDONTINSERTEMPTYFRAGMENTS CVE-2011-3389 - disable SSLOPNETSCAPEREUSECIPHERCHANGEBUG option for older openssl versions CVE-2010-4180 %NASLMINLEVEL 70300 C Tenabl...

7.5CVSS7AI score0.73327EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.31 views

openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)

The Opera browser received a security and bugfix update to 11.51. More information can be found here: http://www.opera.com/docs/changelogs/unix/1151/ CVE-2011-3388 - incorrect security information display CVE-2011-3389 - unspecified 'low severity issue, as reported by Thai Duong and Juliano Rizzo...

4.3CVSS6.8AI score0.73327EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.46 views

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)

Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

10CVSS7.4AI score0.96714EPSS
Exploits20References22
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.44 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)

Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

10CVSS7.4AI score0.96714EPSS
Exploits20References22
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.38 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)

Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

10CVSS7.4AI score0.96714EPSS
Exploits20References22
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.44 views

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)

Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

10CVSS7.4AI score0.96714EPSS
Exploits20References22
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.41 views

openSUSE Security Update : lighttpd (openSUSE-2012-110)

added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...

5CVSS6.4AI score0.23076EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.24 views

openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)

Fix IMAP, POP3 and SMTP URL sanitization bnc740452, CVE-2012-0036 - Disable SSLOPNETSCAPEREUSECIPHERCHANGEBUG option when built against an older OpenSSL version CVE-2010-4180. - Don't enable SSLOPDONTINSERTEMPTYFRAGMENTS bnc742306, CVE-2011-3389. %NASLMINLEVEL 70300 C Tenable Network Security,...

7.5CVSS6.9AI score0.73327EPSS
Exploits4References5
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.117 views

ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...

4.3CVSS0.1AI score0.73327EPSS
Exploits4
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.77 views

EMC RSA BSAFE Micro Edition Suite security vulnerabilities

Few SSL related vulnerabilities in certificates chain validation and BEAST attacks...

5.8CVSS3.6AI score0.73327EPSS
Exploits4References2Affected Software1
ThreatPost
ThreatPost
added 2014/04/09 8:0 a.m.9 views

Siemens Ruggedcom Addresses BEAST Flaw in WiMax Products

The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigation...

1.7AI score
Exploits0References2
securityvulns
securityvulns
added 2014/04/07 12:0 a.m.153 views

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities

ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...

4.3CVSS7.7AI score0.73327EPSS
Exploits4
securityvulns
securityvulns
added 2014/04/07 12:0 a.m.105 views

ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities

ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: For the...

7.5CVSS0.5AI score0.73327EPSS
Exploits12
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.115 views

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities

ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...

9CVSS0.4AI score0.73327EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2014/02/07 12:0 a.m.1240 views

Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)

According to its banner, the remote host is running a version of Kerio Connect formerly known Kerio MailServer prior to 8.1.0. It is, therefore, affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization...

4.3CVSS7.1AI score0.73327EPSS
Exploits4References4
ICS
ICS
added 2014/01/09 7:0 a.m.51 views

Siemens Ruggedcom WIN Products BEAST Attack Vulnerability

OVERVIEW Siemens has identified a BEAST Browser Exploit Against SSL/TLS attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. Siemens has produced a firmware update...

4.3CVSS7.5AI score0.73327EPSS
Exploits4References10
Kitploit
Kitploit
added 2013/12/31 4:51 p.m.14 views

[Beast-Check] SSL/TLS BEAST Vulnerability Check

A small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred cipher. It assumes no workaround i.e. EMPTY FRAGMENT applied in target server. Some sources said this workaround was disabled by default for compatibility reasons. This may be the reaso...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2013/11/04 9:52 a.m.22 views

Apple Turns on BEAST Attack Mitigation by Default in Safari

Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...

7.2AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.5 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2013/10/16 12:0 a.m.65 views

Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)

The remote Oracle database server is missing the October 2013 Critical Patch Update CPU. It is, therefore, affected by multiple security vulnerabilities in the following components : - Core RDBMS - Oracle Security service - XML Parser %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

6.4CVSS6.9AI score0.73327EPSS
Exploits4References7
Rows per page
Query Builder