
2877 matches found

OSV
added 2022/04/27 12:0 a.m. | 5 views

GHSA-98J2-HFXP-8H8R Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

CVSS 7.5 | AI score 7.3 | EPSS 0.03137
Exploits: 0 | References: 6

Github Security Blog
added 2022/04/27 12:0 a.m. | 11 views

Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

CVSS 7.5 | AI score 6.4 | EPSS 0.03137
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/04/26 4:15 p.m. | 5 views

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

CVSS 7.5 | AI score 5.8 | EPSS 0.03137
Exploits: 0 | References: 3

PyPA
added 2022/04/26 4:15 p.m. | 5 views

PYSEC-2022-43150

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

CVSS 7.5 | AI score 6.7 | EPSS 0.03137
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2022/04/26 4:15 p.m. | 16 views

Information disclosure

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

CVSS 5 | AI score 7.2 | EPSS 0.03137
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2022/04/26 4:5 p.m. | 23 views

CVE-2022-23942 Apache Doris hardcoded cryptography initialization

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

AI score 7.5 | EPSS 0.03137
Exploits: 0 | References: 3

OpenVAS
added 2022/04/21 12:0 a.m. | 14 views

Slackware: Security Advisory (SSA:2013-322-02)

The remote host is missing an update for the...

CVSS 6 | AI score 9.5 | EPSS 0.0267
Exploits: 1 | References: 3

Tenable Nessus
added 2022/04/15 12:0 a.m. | 305 views

Apache Shiro < 1.2.5 Default Cipher Key (CVE-2016-4437)

Apache Shiro uses a default cipher key for the 'remember me' feature when not explicitly configured. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code or access content that would otherwise be protected by a security constraint...

CVSS 9.8 | AI score 8.2 | EPSS 0.93143
Exploits: 9 | References: 3

IBM Security Bulletins
added 2022/04/11 3:7 p.m. | 37 views

Security Bulletin: IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks (CVE-2016-2183 CVE-2016-6329).

Summary: IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks on 64-bit block ciphers in TLS and OpenVPN (openssl, redhat, openVPN). Vulnerability Details: CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in t...

CVSS 7.5 | AI score 0.8 | EPSS 0.95707
Exploits: 7 | Affected Software: 10

Tenable Nessus
added 2022/04/06 12:0 a.m. | 1092 views

SSL/TLS Recommended Cipher Suites (PCI DSS)

The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B...

AI score 5.5
Exploits: 0 | References: 5

Tenable Nessus
added 2022/04/04 12:0 a.m. | 1304 views

TLS Version 1.1 Deprecated Protocol

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1. As of March 31, 2020, endpoints that...

AI score 5.8
Exploits: 0 | References: 2

Tenable Nessus
added 2022/03/30 12:0 a.m. | 350 views

Apache Shiro Default Cipher Key (CVE-2016-4437)

Binary data apacheshirocve-2016-4437.nbin...

CVSS 9.8 | AI score 9 | EPSS 0.93143
Exploits: 9 | References: 3

CNVD
added 2022/03/23 12:0 a.m. | 18 views

Digital Bazaar Forge Data Forgery Issue Vulnerability (CNVD-2022-22656)

Digital Bazaar Forge is a native implementation of TLS in JavaScript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

CVSS 5.3 | AI score 1.7 | EPSS 0.00875
Exploits: 0 | References: 1

RedHat Linux
added 2022/03/21 7:36 a.m. | 4 views

OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

CVSS 7.1 | AI score 7.4 | EPSS 0.06868
Exploits: 0 | References: 4

IBM Security Bulletins
added 2022/03/19 4:17 a.m. | 47 views

Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35550)

Summary: A flaw in the JSSE component causes cipher suites to be offered in the wrong order, with some weaker cipher suites ahead of stronger cipher suites. The fix ensures that stronger cipher suites are offered before weaker cipher suites. Vulnerability Details: CVEID: CVE-2021-35550 DESCRIPTION:...

CVSS 7.1 | AI score 5.8 | EPSS 0.06868
Exploits: 0 | Affected Software: 1

NVD
added 2022/03/10 5:47 p.m. | 22 views

CVE-2022-25219

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

CVSS 8.4 | EPSS 0.00758
Exploits: 1 | References: 1

Prion
added 2022/03/10 5:47 p.m. | 20 views

Design/Logic Flaw

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

CVSS 6.9 | AI score 7.9 | EPSS 0.00978
Exploits: 2 | References: 1 | Affected Software: 5

NVD
added 2022/03/04 10:15 p.m. | 18 views

CVE-2021-27756

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...

CVSS 7.5 | EPSS 0.00544
Exploits: 0 | References: 1

Prion
added 2022/03/04 10:15 p.m. | 15 views

Code injection

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...

CVSS 4.3 | AI score 7.5 | EPSS 0.00544
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/03/04 9:18 p.m. | 18 views

CVE-2021-27756

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...

AI score 7.7 | EPSS 0.00544
Exploits: 0 | References: 1