Lucene search
K

465 matches found

osv
osv
added 2018/08/15 6:29 p.m.3 views

CVE-2018-8753

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack...

5.9CVSS5.8AI score0.01634EPSS
Exploits0References2
nvd
nvd
added 2018/08/15 6:29 p.m.17 views

CVE-2018-8753

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack...

5.9CVSS5.7AI score0.01634EPSS
Exploits0References2
attackerkb
attackerkb
added 2018/08/15 6:29 p.m.5 views

CVE-2018-8753

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack...

5.9CVSS5.6AI score0.01634EPSS
Exploits0References3
prion
prion
added 2018/08/15 6:29 p.m.22 views

Code injection

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack...

4.3CVSS5.8AI score0.01634EPSS
Exploits0References2Affected Software1
cve
cve
added 2018/08/15 6:0 p.m.44 views

CVE-2018-8753

CVE-2018-8753 affects the IKEv1 implementation in Clavister cOS Core (versions before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09). The root cause is a Bleichenbacher RSA padding oracle that allows remote attackers to decrypt RSA-encrypted nonces during IKEv1 authentication, ...

5.9CVSS5.7AI score0.01634EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2018/08/15 6:0 p.m.21 views

CVE-2018-8753

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack...

5.8AI score0.01634EPSS
Exploits0References2
threatpost
threatpost
added 2018/08/14 4:7 p.m.38 views

Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw

A new Bleichenbacher oracle cryptographic attack has been set loose on the world, using a 20-year-old protocol flaw to compromise the Internet Key Exchange IKE protocol used to secure IP communications. Specifically, the attack targets IKE’s handshake implementation used for IPsec-based VPN...

4.3CVSS0.4AI score0.01722EPSS
Exploits0References6
ibm
ibm
added 2018/08/03 4:23 a.m.35 views

Security Bulletin: IBM Java Quarterly CPU - April 2014 affecting Rational Business Developer (CVE-2014-0453)

Summary IBM SDK, which is based on an Oracle Java Development Kit JDK, is shipped with Rational Business Developer. Oracle has released the April 2014 critical patch updates CPU that contain security vulnerability fixes for the JDK. The IBM SDK has been updated to incorporate these fixes and...

4CVSS0.8AI score0.04899EPSS
Exploits0Affected Software1
osv
osv
added 2018/07/31 2:29 p.m.5 views

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9CVSS5.8AI score0.01087EPSS
Exploits0References1
nvd
nvd
added 2018/07/31 2:29 p.m.22 views

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9CVSS5.7AI score0.01087EPSS
Exploits0References1
cvelist
cvelist
added 2018/07/31 2:0 p.m.29 views

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.7AI score0.01087EPSS
Exploits0References1
cnvd
cnvd
added 2018/07/10 12:0 a.m.2 views

Weak Algorithm Vulnerability in Multiple Huawei Products

Huawei eSpace U1981 and so on are products of Huawei China. eSpace U1981 is a voice gateway product. VP9660 is a multimedia switching platform. A weak cryptographic algorithm vulnerability exists in multiple Huawei products. Exploiting the vulnerability, an unauthenticated remote attacker needs t...

5.9CVSS5.5AI score0.01087EPSS
Exploits0References1
ibm
ibm
added 2018/06/17 4:53 a.m.30 views

Security Bulletin: Rational Service Tester vulnerabilities due to security vulnerabilities in IBM JRE 1.5, 1.6 and 1.7 (CVE-2014-0411, CVE-2014-0453)

Summary A potential security vulnerability exists in the IBM Java Runtime Environment component of IBM Rational Service Tester related to the use of SSL/TLS. Patches for these vulnerabilities are available in IBM JRE 7 iFixes provided with IBM Rational Service Tester version 8.6. Vulnerability...

4CVSS1.1AI score0.04899EPSS
Exploits0Affected Software1
ibm
ibm
added 2018/06/17 4:53 a.m.18 views

Security Bulletin: Rational Performance Tester vulnerabilities due to security vulnerabilities in IBM JRE 1.5, 1.6 and 1.7 (CVE-2014-0411, CVE-2014-0453)

Summary A potential security vulnerability exists in the IBM Java Runtime Environment component of IBM Rational Performance Tester related to the use of SSL/TLS. Patches for these vulnerabilities are available in IBM JRE 7 iFixes provided with IBM Rational Performance Tester version 8.6...

4CVSS1AI score0.04899EPSS
Exploits0Affected Software1
symantec
symantec
added 2018/05/16 8:0 a.m.45 views

SA160: Return of the Bleichenbacher Oracle Threat (ROBOT)

SUMMARY Symantec Network Protection products using affected SSL/TLS server implementations and RSA key exchange are susceptible to a variation of the Bleichenbacher adaptive chosen ciphertext attack. A remote attacker, who has captured a pre-recorded encrypted SSL session to the target, can...

4.3CVSS0.5AI score0.01929EPSS
Exploits0Affected Software2
osv
osv
added 2018/04/18 6:29 a.m.7 views

SUSE-SU-2018:0974-1 Security update for erlang

This update for erlang fixes the following security issue: - CVE-2017-1000385: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA, which when exploited, may result in plaintext...

5.9CVSS5.5AI score0.22098EPSS
Exploits0References3
redhat
redhat
added 2018/03/15 12:34 p.m.6 views

erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack

An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle MiTM attack, despite the attacker not...

5.9CVSS6.4AI score0.22098EPSS
Exploits0References4
redhat
redhat
added 2018/02/27 4:23 p.m.10 views

erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack

An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle MiTM attack, despite the attacker not...

5.9CVSS6.4AI score0.22098EPSS
Exploits0References4
nessus
nessus
added 2018/02/15 12:0 a.m.40 views

Ubuntu 14.04 LTS / 16.04 LTS : Erlang vulnerabilities (USN-3571-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3571-1 advisory. It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to...

9.8CVSS7AI score0.22098EPSS
Exploits1References5
ubuntu
ubuntu
added 2018/02/14 2:54 p.m.126 views

USN-3571-1: Erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...

9.8CVSS6.7AI score0.22098EPSS
Exploits1
Rows per page
Query Builder