
2877 matches found

Positive Technologies
added 2022/08/28 12:0 a.m. · 5 views

PT-2022-23857 · Hirevue · Hirevue Hiring Platform

Name of the Vulnerable Software and Affected Versions: HireVue Hiring Platform version V1.0 Description: The issue concerns the use of a broken or risky cryptographic algorithm. However, this is disputed by the vendor due to inconsistencies with CVE ID assignment rules for cloud services and the...

CVSS 7.5 · AI score 6.9 · EPSS 0.00375
Exploits: 1 · References: 9
IBM Security Bulletins
added 2022/08/20 12:54 a.m. · 36 views

Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)

Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVE-ID : CVE-2011-3389 DESCRIPTION : Multiple products could allow a remote...

CVSS 4.3 · AI score 7.5 · EPSS 0.73327
Exploits: 4 · Affected Software: 5
IBM Security Bulletins
added 2022/08/19 6:23 p.m. · 19 views

Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Business Services Fabric (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Business Services Fabric. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to...

CVSS 5 · AI score 6.6 · EPSS 0.74006
Exploits: 0 · Affected Software: 1
RedHat Linux
added 2022/08/10 10:13 a.m. · 2 views

golang.org/x/crypto: empty plaintext packet causes panic

There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00948
Exploits: 0 · References: 4
ATTACKERKB
added 2022/07/29 2:15 p.m. · 2 views

CVE-2022-2576

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...

CVSS 7.5 · AI score 7.1 · EPSS 0.00507
Exploits: 1 · References: 2 · Affected Software: 1
Prion
added 2022/07/29 2:15 p.m. · 17 views

Design/Logic Flaw

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...

CVSS 5 · AI score 7.4 · EPSS 0.00507
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2022/07/25 12:43 p.m. · 5 views

OPENSUSE-SU-2022:2546-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability bsc1201225. - Use AES as default cipher instead of 3DES when we are in FIPS mode. bsc1196125...

CVSS 6.5 · AI score 6.7 · EPSS 0.02551
Exploits: 1 · References: 4
OSV
added 2022/07/25 12:43 p.m. · 5 views

SUSE-SU-2022:2546-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability bsc1201225. - Use AES as default cipher instead of 3DES when we are in FIPS mode. bsc1196125...

CVSS 6.5 · AI score 6.6 · EPSS 0.02551
Exploits: 1 · References: 4
NVD
added 2022/07/13 9:15 p.m. · 15 views

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVSS 6.7 · EPSS 0.00277
Exploits: 0 · References: 1
Prion
added 2022/07/13 9:15 p.m. · 14 views

Design/Logic Flaw

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVSS 5 · AI score 5.3 · EPSS 0.00277
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/07/13 9:10 p.m. · 16 views

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVSS 6.7 · AI score 6.7 · EPSS 0.00277
Exploits: 0 · References: 1
CVE
added 2022/07/13 9:10 p.m. · 62 views

CVE-2022-34757

CVE-2022-34757 affects Schneider Electric Easergy P5 (V01.401.102 and prior). The issue is CWE-327: Use of a Broken or Risky Cryptographic Algorithm, where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, allowing an attacker to observe protected ...

CVSS 6.7 · AI score 5.3 · EPSS 0.00277
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2022/07/13 12:0 a.m. · 4 views

Schneider Electric Easergy P5 Encryption Issue Vulnerability

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. A vulnerability in encryption issues exists in Schneider Electric Easergy P5 V01.401.102 and prior versions, which stems from the use of a corrupted or risky encrypti...

CVSS 6.7 · AI score 5.8 · EPSS 0.00277
Exploits: 0 · References: 3
ATTACKERKB
added 2022/07/12 11:0 a.m. · 3 views

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVSS 6.7 · AI score 5.9 · EPSS 0.00277
Exploits: 0 · References: 2
OSV
added 2022/07/06 7:57 p.m. · 35 views

GHSA-3WX7-46CH-7RQ2 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...

CVSS 7.5 · AI score 7.5 · EPSS 0.02024
Exploits: 0 · References: 21
Github Security Blog
added 2022/07/06 7:57 p.m. · 55 views

AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...

CVSS 5.3 · AI score 1.6 · EPSS 0.02024
Exploits: 0 · References: 21 · Affected Software: 1
OSV
added 2022/07/05 12:0 p.m. · 43 views

RUSTSEC-2022-0032 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

CVSS 5.3 · AI score 7.5 · EPSS 0.02024
Exploits: 0 · References: 3
OSV
added 2022/07/05 12:0 a.m. · 2 views

UBUNTU-CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

CVSS 5.3 · AI score 6.7 · EPSS 0.02024
Exploits: 0 · References: 5
Microsoft KB
added 2022/06/23 12:0 a.m. · 7 views

June 23, 2022—KB5014665 (OS Build 20348.803) Preview

June 23, 2022—KB5014665 OS Build 20348.803 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...

AI score 7.3
Exploits: 0
Positive Technologies
added 2022/06/22 12:0 a.m. · 5 views

PT-2022-3092 · Motorola · Motorola Mdlc Protocol

Name of the Vulnerable Software and Affected Versions: Motorola MDLC protocol through 2022-05-02 Description: The issue is related to the Motorola MDLC protocol's handling of message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption...

CVSS 9.8 · AI score 9.3 · EPSS 0.00325
Exploits: 0 · References: 8