Lucene search
+L

28 matches found

Debian CVE
Debian CVE
added 2019/07/23 1:16 p.m.37 views

CVE-2019-11727

A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerabilit...

5.3CVSS7.8AI score0.01741EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/07/18 6:22 a.m.33 views

CVE-2019-11727

A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerabilit...

5.3CVSS2.3AI score0.01741EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/07/11 12:0 a.m.35 views

CVE-2019-11727

A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerabilit...

5.3CVSS6.8AI score0.01741EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2017/09/28 12:0 a.m.31 views

nss security update

3.28.4-12 - Backport patch to simplify transcript calculation for CertificateVerify...

7.5CVSS1.5AI score0.03153EPSS
Exploits0
NVD
NVD
added 2015/01/09 2:59 a.m.20 views

CVE-2015-0205

The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

5CVSS5.7AI score0.24626EPSS
Exploits0References36
EUVD
EUVD
added 2015/01/09 2:0 a.m.7 views

EUVD-2015-0242

The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

5CVSS6.2AI score0.24626EPSS
Exploits0References43
CVE
CVE
added 2015/01/09 2:0 a.m.138 views

CVE-2015-0205

CVE-2015-0205 affects OpenSSL 1.0.0 (before 1.0.0p) and 1.0.1 (before 1.0.1k). The issue: a Diffie-Hellman (DH) certificate could be accepted for client authentication without requiring a CertificateVerify message, enabling remote attackers to obtain access without the private key via crafted TLS...

5CVSS6.5AI score0.24626EPSS
Exploits0References36Affected Software1
Debian CVE
Debian CVE
added 2015/01/09 2:0 a.m.42 views

CVE-2015-0205

The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

5CVSS7.2AI score0.24626EPSS
Exploits0
Rows per page
Query Builder