
2876 matches found

OpenVAS
added 2021/04/19 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2015:2088-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 9.9 AI score · 0.08272 EPSS
Exploits: 1 · References: 5

OpenVAS
added 2021/04/19 12:0 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2015:2088-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 9.9 AI score · 0.08272 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2021/04/16 12:0 a.m. · 11 views

PT-2021-18221 · Unknown · Jose-Node-Cjs-Runtime

Name of the Vulnerable Software and Affected Versions: jose-node-cjs-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-cjs-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversa...

5.9 CVSS · 6.4 AI score · 0.01238 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2021/04/16 12:0 a.m. · 4 views

PT-2021-18220 · Unknown · Jose-Node-Esm-Runtime

Name of the Vulnerable Software and Affected Versions: jose-node-esm-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-esm-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversa...

5.9 CVSS · 6.5 AI score · 0.01238 EPSS
Exploits: 0 · References: 6

OSV
added 2021/04/09 12:0 a.m. · 11 views

OSV-2021-616 Heap-buffer-overflow in Camellia_Ekeygen

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33028 Crash type: Heap-buffer-overflow READ 1 Crash state: Camellia_Ekeygen Camellia_set_key cipher_hw_camellia_initkey...

7.2 AI score
Exploits: 0 · References: 1

RedhatCVE
added 2021/04/07 2:28 p.m. · 36 views

CVE-2021-20313

A flaw was found in ImageMagick. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality...

7.5 CVSS · 2.2 AI score · 0.01782 EPSS
Exploits: 0 · References: 3

OSV
added 2021/04/07 11:2 a.m. · 2 views

OESA-2021-1121 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data...

7.5 CVSS · 8.6 AI score · 0.50732 EPSS
Exploits: 0 · References: 3

OSV
added 2021/04/07 11:2 a.m. · 2 views

OESA-2021-1116 nss security update

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...

9.1 CVSS · 8.4 AI score · 0.03854 EPSS
Exploits: 0 · References: 3

OSV
added 2021/04/07 11:2 a.m. · 2 views

OESA-2021-1115 nss security update

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...

9.1 CVSS · 8.4 AI score · 0.03854 EPSS
Exploits: 0 · References: 3

NVD
added 2021/03/25 7:15 p.m. · 19 views

CVE-2021-3446

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the calle...

5.5 CVSS · 0.00149 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2021/03/21 12:8 a.m. · 24 views

CVE-2019-0223

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4 CVSS · 3.4 AI score · 0.0615 EPSS
Exploits: 0 · References: 3

OPENSUSE Linux
added 2021/03/16 12:0 a.m. · 38 views

Security update for openssl-1_0_0 (moderate)

openSUSE Security Update: Security update for openssl-1_0_0 Announcement ID: openSUSE-SU-2021:0430-1 Rating: moderate References: 1182331 1182333 Cross-References: CVE-2021-23840 CVE-2021-23841 CVSS scores: CVE-2021-23840 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23840 SUSE: 6...

6.5 CVSS · 6.7 AI score · 0.50732 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2021/03/10 12:0 a.m. · 38 views

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2021-0069)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could...

9.3 CVSS · 6.7 AI score · 0.0316 EPSS
Exploits: 0 · References: 3

OSV
added 2021/03/05 11:2 a.m. · 5 views

OESA-2021-1064 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

4.3 CVSS · 6.9 AI score · 0.01609 EPSS
Exploits: 1 · References: 2

IBM Security Bulletins
added 2021/03/01 7:11 p.m. · 23 views

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV

Summary: The server responded with a Handshake to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV. Vulnerability Details: CVEID: CVE-2014-3566 DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when...

4.3 CVSS · 0.4 AI score · 0.99999 EPSS
Exploits: 7 · Affected Software: 1

Positive Technologies
added 2021/02/26 12:0 a.m. · 7 views

PT-2021-4543 · Unknown +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.11 Description: A flaw was found in the TransformSignature function of ImageMagick, which could lead to a potential cipher leak when calculating signatures. This issue is related to the disclosure of...

8.8 CVSS · 6.2 AI score · 0.89855 EPSS
Exploits: 42 · References: 196

OSV
added 2021/02/16 5:15 p.m. · 7 views

ALPINE-CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS · 7.1 AI score · 0.50732 EPSS
Exploits: 0 · References: 1

OSV
added 2021/02/16 5:15 p.m. · 1 views

DEBIAN-CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS · 6.3 AI score · 0.50732 EPSS
Exploits: 0 · References: 1

OSV
added 2021/02/16 5:15 p.m. · 7 views

UBUNTU-CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS · 6.7 AI score · 0.50732 EPSS
Exploits: 0 · References: 6

IBM Security Bulletins
added 2021/02/12 1:59 p.m. · 35 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DataQuant for Workstation (CVE-2015-4000)

Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM DataQuant for Workstation. Vulnerability Details: CVEID: CVE-2015-4000 The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey...

4.3 CVSS · 0.7 AI score · 0.9986 EPSS
Exploits: 1 · Affected Software: 1