26 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 6 views

MiracleLinux 7 : erlang-18.3.4.7-1.0.1.el7.AXS7 (AXSA:2017-2480:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2480:01 advisory. The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt conten...

CVSS 5.9 | AI score 6.6 | EPSS 0.22098
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2016-0738

Malware in sbrugna...

CVSS 5.9 | AI score 7.8 | EPSS 0.05398
Exploits: 1 | References: 43
OpenVAS
added 2021/06/09 12:0 a.m. | 25 views

SUSE: Security Advisory (SUSE-SU-2016:0778-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.9 | EPSS 0.89557
Exploits: 22 | References: 2
OpenVAS
added 2021/06/09 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2016:0748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.6 | EPSS 0.89557
Exploits: 21 | References: 2
Cvelist
added 2018/08/21 1:0 p.m. | 27 views

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

AI score 6.2 | EPSS 0.01045
Exploits: 0 | References: 1
IBM Security Bulletins
added 2018/06/16 9:41 p.m. | 51 views

Security Bulletin: Vulnerabilities in Open Source openSSL affect IBM Security Identity Governance Appliance

Summary: Vulnerabilities in Open Source openssl that is used by IBM Security Identity Governance. Vulnerability Details: CVEID: CVE-2016-0797 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn function. An attacker could exploit...

CVSS 10 | AI score 1.8 | EPSS 0.82112
Exploits: 2 | Affected Software: 1
NVD
added 2018/03/05 6:29 p.m. | 28 views

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

CVSS 7.1 | AI score 6.5 | EPSS 0.1501
Exploits: 0 | References: 5
CVE
added 2018/03/05 6:0 p.m. | 123 views

CVE-2017-17428

CVE-2017-17428 is a Bleichenbacher-style RSA padding oracle (ROBOT) vulnerability that can allow an attacker to decrypt TLS data by exploiting RSA PKCS#1. Cisco advisories and CERT CERT/SEC records indicate multiple Cisco products (and other vendors’ TLS stacks) were affected and issued updates. ...

CVSS 7.1 | AI score 6.3 | EPSS 0.1501
Exploits: 0 | References: 5 | Affected Software: 5
Cvelist
added 2018/03/05 6:0 p.m. | 28 views

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

AI score 6.5 | EPSS 0.1501
Exploits: 0 | References: 5
Prion
added 2018/02/26 3:29 p.m. | 10 views

Code injection

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

CVSS 4.3 | AI score 5.8 | EPSS 0.01045
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2018/02/26 3:0 p.m. | 45 views

CVE-2018-5762

Unisys ClearPath MCP TCP/IP networking module TLS implementation is vulnerable to a Bleichenbacher RSA padding oracle (ROBOT) leading to possible decryption of TLS ciphertext. Affected versions are TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044. The CNVD entr...

CVSS 5.9 | AI score 5.7 | EPSS 0.01045
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/02/26 3:0 p.m. | 20 views

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

AI score 5.7 | EPSS 0.01045
Exploits: 0 | References: 1
Prion
added 2017/12/13 4:29 p.m. | 25 views

Code injection

Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a...

CVSS 4.3 | AI score 6.2 | EPSS 0.13817
Exploits: 0 | References: 5 | Affected Software: 2
Tenable Nessus
added 2017/05/16 12:0 a.m. | 81 views

F5 Networks BIG-IP : OpenSSL vulnerability (K23196136) (DROWN)

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

CVSS 5.9 | AI score 8.1 | EPSS 0.82112
Exploits: 2 | References: 2
Veracode
added 2017/01/27 8:38 a.m. | 40 views

DROWN Attack

OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...

CVSS 5.9 | AI score 7.6 | EPSS 0.82112
Exploits: 2 | References: 64 | Affected Software: 4
OPENSUSE Linux
added 2016/03/02 11:12 p.m. | 43 views

Security update for openssl (important)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

CVSS 10 | AI score 1.3 | EPSS 0.83645
Exploits: 2 | References: 9
Prion
added 2016/03/02 11:59 a.m. | 42 views

Sql injection

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

CVSS 4.3 | AI score 6 | EPSS 0.82112
Exploits: 2 | References: 31 | Affected Software: 1
Tenable Nessus
added 2016/03/02 12:0 a.m. | 130 views

OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1s. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1s advisory. - The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a...

CVSS 10 | AI score 7.6 | EPSS 0.82112
Exploits: 2 | References: 13
seebug.org
added 2016/03/02 12:0 a.m. | 326 views

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

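Popular servers and clients today use TLS encryption. However, due to misconfiguration, many servers still support SSLv2, an old protocol that many clients no longer support. The DROWN attack can threaten servers and clients that still support SSLv2, allowing an attacker to decrypt TLS traffic by sending probes to servers and clients that support SSLv2 and use the same key. Official advisory on the vulnerability: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and...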

CVSS 4.3 | AI score 7.3 | EPSS 0.82112
Exploits: 2
CVE
added 2016/03/02 12:0 a.m. | 184 views

CVE-2016-0703

CVE-2016-0703 concerns OpenSSL SSLv2: the get_client_master_key function in s2_srvr.c accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH for arbitrary ciphers, enabling Bleichenbacher-style padding oracle exploitation to recover the MASTER-KEY and decrypt TLS traffic. Public sources attribute t...

CVSS 5.9 | AI score 6.8 | EPSS 0.05398
Exploits: 1 | References: 31 | Affected Software: 1