IBM WebSphere Application Server 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.x < 9.0.0.5 Weak Security Bindings (CVE-2017-1501)
The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.14, 8.5.0.x prior to 8.5.5.12 or 9.0.x prior to 9.0.0.5. It is, therefore, affected by a vulnerability in the web services security bindings settings. If cipher suites were changed in the web service...
CVE-2020-3585
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...
Vulnerability fixed in NSS
A vulnerability has been fixed in NSS. The vulnerability allows a remote malicious party to perform a denial-of-service attack on servers compiled with the NSS library by sending multiple ChangeCipherSpec messages. Mozilla has released updates to fix the vulnerability...
DEBIAN-CVE-2020-25648
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This fla...
crate has been renamed to `cipher`
This crate has been renamed from stream-cipher to cipher. The new repository location is at:...
aesni (>=0.7.0 <=0.9.0), aries-askar (=0.1.2) +28 more potentially affected by unknown CVE via stream-cipher (>=0.4.1 <=0.7.1)
stream-cipher CARGO version =0.4.1, =0.7.0, =0.1.1, =0.1.1, =0.1.0, =0.4.0, =0.5.0, =0.2.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0-pre.1, =0.1.0, =0.3.1, =0.3.9 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0058...
IMAPServer (=0.1.0), acme-dns-rust (>=1.0.0 <=1.0.6) +92 more potentially affected by unknown CVE via block-cipher (>=0.7.1 <=0.8.0)
block-cipher CARGO version =0.7.1, =1.0.0, =0.4.0, =0.4.0, =0.7.0, =0.1.0, =0.1.1, =0.1.1, =0.8.1, =0.2.0, =0.5.0, =0.2.0, =0.7.0, =0.8.0 - chacha20 =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0057...
RUSTSEC-2020-0058 crate has been renamed to `cipher`
This crate has been renamed from stream-cipher to cipher. The new repository location is at:...
RUSTSEC-2020-0057 crate has been renamed to `cipher`
This crate has been renamed from block-cipher to cipher. The new repository location is at:...
USN-4583-1 php5, php7.0, php7.2, php7.4 vulnerabilities
It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discovered that PHP incorrectly handled...
HP Device Manager 4.x < 4.7 SP 13 / 5.x < 5.0.4 Multiple Vulnerabilities
According to its self-reported version number, the version of HP Device Manager installed on the remote Windows host is 4.x prior to 4.7 SP 13 or 5.x prior to 5.0.4. It is, therefore, affected by multiple vulnerabilities: - A weak cipher implementation that is susceptible to dictionary attacks...
Multiple vulnerabilities in HP Device Manager
HP published an advisory for three vulnerabilities in its Device Manager software, which lets IT admins remotely manage HP thin clients. CVEs included in the advisory are CVE-2020-6925 (weak cipher), CVE-2020-6926 (remote method invocation), and CVE-2020-6927 (local privilege escalation). Some of these...
HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know
HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager that—when some are chained together—can result in a remote attacker gaining SYSTEM privileges on the target node. Note: A backdoor database user exists in the PostgreSQL database used by HP...
HPSBHF03689 rev. 2 - HP Device Manager Weak Cipher Implementation, Remote Method Invocation, and Elevation of Privilege
Potential Security Impact: Susceptibility to dictionary attacks, unauthorized remote access to resources, and elevation of privilege. Source: HP, HP Product Security Response Team (PSRT). Reported By: Nick Bloor. VULNERABILITY SUMMARY: Potential vulnerabilities have been identified with certain version...
SSL/TLS Server Cipher Suite Preference
The remote server is configured with an SSL/TLS cipher suite preference list used to determine the cipher suite during the negotiation with the client. No source data...
SSL/TLS Server Cipher Suite Preference Not Detected
The remote server is not configured with an SSL/TLS cipher suite preference list, making the cipher suite selection during the negotiation use the ordered list from the client. No source data...
Sweet32 Attack
OpenVPN is vulnerable to the Sweet32 attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...
Noise-Java Out-of-Bounds Access Vulnerability
Noise-Java is a plain Java implementation of the Noise protocol. An out-of-bounds access vulnerability exists in AESGCMOnCtrCipherState.encryptWithAd in Noise-Java 2020-08-27 and earlier versions. No detailed vulnerability details are provided at this time...
DEBIAN-CVE-2020-16150
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...