2876 matches found

Cvelist
added 2020/12/14 9:5 p.m., 16 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

AI score 7.3, EPSS 0.004
Exploits: 0, References: 1
The Hacker News
added 2020/12/11 5:25 p.m., 25 views

Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software—as well as the ability for its affiliates to launch double extortion attacks. The MountLocker...

AI score 6.9
Exploits: 0
0day.today
added 2020/12/09 12:0 a.m., 47 views

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation states that there are thre...

AI score 7.4
Exploits: 0
Veracode
added 2020/12/06 4:49 a.m., 24 views

Unintended Cipher

modns is vulnerable to unintended cipher attack. This vulnerability allows attackers to force the use of ciphers that were not intended to be enabled...

CVSS 7.5, AI score 4.6, EPSS 0.01716
Exploits: 0, References: 8, Affected Software: 1
Veracode
added 2020/12/03 2:58 a.m., 18 views

Cipher Downgrade Attack

oic is vulnerable to cipher downgrade attacks. The vulnerability exists as the IdToken signature algorithm is not checked automatically, and that the JWA none algorithm is always allowed, and that the IdToken returned from oic.consumer.Consumer.parse_authz is not verified, and the iat claim is not...

CVSS 6.8, AI score 4, EPSS 0.00815
Exploits: 0, References: 4, Affected Software: 1
IBM Security Bulletins
added 2020/11/18 3:8 p.m., 15 views

Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams

Summary The Transport Layer Security (TLS) protocol contains a flaw that is triggered when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher. A man-in-the-middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove...

AI score 1.5
Exploits: 0, Affected Software: 1
Veracode
added 2020/11/17 1:12 a.m., 20 views

In-band Protocol Negotiation And Robustness Weakness

aws-encryption-sdk suffers from an In-band protocol negotiation and robustness weakness. The SDK allows a unique ciphertext to be decrypted into different results due to the non-committing property of AES-GCM, and other AEAD ciphers such as AES-GCM-SIV, or XChaCha20Poly1305, when encrypting...

CVSS 8.1, AI score 4.2, EPSS 0.00394
Exploits: 1, References: 3, Affected Software: 3
OSV
added 2020/11/12 2:15 p.m., 29 views

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS 5.9, AI score 5.6, EPSS 0.01631
Exploits: 1, References: 5
UbuntuCve
added 2020/11/12 2:15 p.m., 33 views

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS 7.5, AI score 6.7, EPSS 0.01631
Exploits: 1, References: 3
OSV
added 2020/11/12 2:15 p.m., 68 views

PYSEC-2020-100

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS 7.5, AI score 4.5, EPSS 0.01631
Exploits: 1, References: 3
Cvelist
added 2020/11/12 1:48 p.m., 21 views

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS 7.5, AI score 6.8, EPSS 0.01631
Exploits: 1, References: 5
RedHat Linux
added 2020/11/04 1:0 a.m., 3 views

libssh: denial of service when handling AES-CTR (or DES) ciphers

A flaw was found in the way libssh handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system...

CVSS 5.3, AI score 7.1, EPSS 0.03065
Exploits: 0, References: 5
NVD
added 2020/10/29 4:15 a.m., 21 views

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

CVSS 7.5, AI score 7.2, EPSS 0.01247
Exploits: 0, References: 1
OSV
added 2020/10/29 4:15 a.m., 3 views

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 1
Prion
added 2020/10/29 4:15 a.m., 19 views

Hardcoded credentials

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

CVSS 5, AI score 7.5, EPSS 0.01247
Exploits: 0, References: 1, Affected Software: 1
Nvidia
added 2020/10/28 12:0 a.m., 39 views

Security Bulletin: AMI Baseboard Management Controller (BMC) Firmware Vulnerabilities in NVIDIA DGX-1, DGX-2, and DGX A100 Servers - October 2020

NVIDIA has released a firmware security update for NVIDIA DGX™ servers. This update addresses security issues in the AMI Baseboard Management Controller BMC firmware that may lead to remote code execution, elevation of privileges, or information disclosure. All issues require network access to th...

CVSS 9.8, AI score 8.1, EPSS 0.02611
Exploits: 0, Affected Software: 1
CNVD
added 2020/10/28 12:0 a.m., 1 views

Mozilla NSS Denial of Service Vulnerability

NSS is an underlying cryptography library from the Mozilla Foundation. The library supports a variety of cryptographic algorithms and the TLS implementation of the Firefox browser is based on this library. A denial of service vulnerability exists in NSS versions prior to 3.58. The vulnerability...

CVSS 7.5, AI score 9.1, EPSS 0.03854
Exploits: 0, References: 1
IBM Security Bulletins
added 2020/10/27 3:51 p.m., 207 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for System z (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Developer for System z. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could explo...

CVSS 5, AI score 1.5, EPSS 0.74006
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/10/27 3:51 p.m., 23 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for System z (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Developer for System z. Vulnerability Details CVEID:...

CVSS 5, AI score 1, EPSS 0.74006
Exploits: 0, Affected Software: 1
FreeBSD
added 2020/10/27 12:0 a.m., 43 views

ImageMagick7 -- multiple vulnerabilities

CVE reports: Several vulnerabilities have been discovered in ImageMagick: CVE-2021-20313: A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. CVE-2021-20312: A flaw was found in ImageMagick in versions...

CVSS 7.8, AI score 3.7, EPSS 0.0703
Exploits: 1