
2876 matches found

Tenable Nessus
added 2020/10/23 12:0 a.m. | 30 views

IBM WebSphere Application Server 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.x < 9.0.0.5 Weak Security Bindings (CVE-2017-1501)

The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.14, 8.5.0.x prior to 8.5.5.12 or 9.0.x prior to 9.0.0.5. It is, therefore, affected by a vulnerability in the web services security bindings settings. If cipher suites were changed in the web service...

CVSS 5.9 | AI score 6.6 | EPSS 0.02033
Exploits: 0 | References: 2

NVD
added 2020/10/21 7:15 p.m. | 22 views

CVE-2020-3585

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...

CVSS 5.3 | EPSS 0.01239
Exploits: 0 | References: 1

OSV
added 2020/10/21 7:15 p.m. | 3 views

CVE-2020-3585

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...

CVSS 3.7 | AI score 6.5 | EPSS 0.01239
Exploits: 0 | References: 1

NCSC
added 2020/10/21 12:0 a.m. | 3 views

Vulnerability fixed in NSS

A vulnerability has been fixed in NSS. The vulnerability allows a remote malicious party to perform a denial-of-service attack on servers compiled with the NSS library by sending multiple ChangeCipherSpec messages. Mozilla has released updates to fix the vulnerability...

CVSS 7.5 | AI score 6.7 | EPSS 0.03854
Exploits: 0

OSV
added 2020/10/20 10:15 p.m. | 2 views

DEBIAN-CVE-2020-25648

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This fla...

CVSS 7.5 | AI score 7.4 | EPSS 0.03854
Exploits: 0 | References: 1

RustSec
added 2020/10/15 12:0 p.m. | 14 views

crate has been renamed to `cipher`

This crate has been renamed from stream-cipher to cipher. The new repository location is at:...

AI score 6.9
Exploits: 0

vulnersOsv
added 2020/10/15 12:0 p.m. | 4 views

aesni (>=0.7.0 <=0.9.0), aries-askar (=0.1.2) +28 more potentially affected by unknown CVE via stream-cipher (>=0.4.1 <=0.7.1)

stream-cipher CARGO version =0.4.1, =0.7.0, =0.1.1, =0.1.1, =0.1.0, =0.4.0, =0.5.0, =0.2.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0-pre.1, =0.1.0, =0.3.1, =0.3.9 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0058...

AI score 5.8
Exploits: 0

vulnersOsv
added 2020/10/15 12:0 p.m. | 6 views

IMAPServer (=0.1.0), acme-dns-rust (>=1.0.0 <=1.0.6) +92 more potentially affected by unknown CVE via block-cipher (>=0.7.1 <=0.8.0)

block-cipher CARGO version =0.7.1, =1.0.0, =0.4.0, =0.4.0, =0.7.0, =0.1.0, =0.1.1, =0.1.1, =0.8.1, =0.2.0, =0.5.0, =0.2.0, =0.7.0, =0.8.0 - chacha20 =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0057...

AI score 5.8
Exploits: 0

OSV
added 2020/10/15 12:0 p.m. | 8 views

RUSTSEC-2020-0058 crate has been renamed to `cipher`

This crate has been renamed from stream-cipher to cipher. The new repository location is at:...

AI score 7.1
Exploits: 0 | References: 3

OSV
added 2020/10/15 12:0 p.m. | 9 views

RUSTSEC-2020-0057 crate has been renamed to `cipher`

This crate has been renamed from block-cipher to cipher. The new repository location is at:...

AI score 7.1
Exploits: 0 | References: 3

OSV
added 2020/10/14 5:42 p.m. | 2 views

USN-4583-1 php5, php7.0, php7.2, php7.4 vulnerabilities

It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discovered that PHP incorrectly handled...

CVSS 6.5 | AI score 6.7 | EPSS 0.05029
Exploits: 1 | References: 3

Tenable Nessus
added 2020/10/07 12:0 a.m. | 97 views

HP Device Manager 4.x < 4.7 SP 13 / 5.x < 5.0.4 Multiple Vulnerabilities

According to its self-reported version number, the version of HP Device Manager installed on the remote Windows host is 4.x prior to 4.7 SP 13 or 5.x prior to 5.0.4. It is, therefore, affected by multiple vulnerabilities: - A weak cipher implementation that is susceptible to dictionary attacks...

AI score 6.5
Exploits: 0 | References: 5

ATTACKERKB
added 2020/10/06 12:0 a.m. | 30 views

Multiple vulnerabilities in HP Device Manager

HP published an advisory for three vulnerabilities in its Device Manager software, which lets IT admins remotely manage HP thin clients. CVEs included in the advisory are CVE-2020-6925 (weak cipher), CVE-2020-6926 (remote method invocation), and CVE-2020-6927 (local privilege escalation). Some of these...

AI score 6.7
Exploits: 0 | References: 5

Rapid7 Blog
added 2020/10/02 5:6 p.m. | 128 views

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager that—when some are chained together—can result in a remote attacker gaining SYSTEM privileges on the target node. Note: A backdoor database user exists in the PostgreSQL database used by HP...

CVSS 6.5 | AI score 1.4 | EPSS 0.01327
Exploits: 0

Hewlett-Packard
added 2020/09/25 12:0 a.m. | 84 views

HPSBHF03689 rev. 2 - HP Device Manager Weak Cipher Implementation, Remote Method Invocation, and Elevation of Privilege

Potential Security Impact: Susceptibility to dictionary attacks, unauthorized remote access to resources, and elevation of privilege. Source: HP, HP Product Security Response Team (PSRT). Reported By: Nick Bloor. VULNERABILITY SUMMARY: Potential vulnerabilities have been identified with certain version...

CVSS 7 | AI score 2.9
Exploits: 0

Tenable Nessus
added 2020/09/24 12:0 a.m. | 11 views

SSL/TLS Server Cipher Suite Preference

The remote server is configured with a SSL/TLS cipher suite preference list used to determine the cipher suite during the negotiation with the client. No source data...

AI score 7.3
Exploits: 0 | References: 2

Tenable Nessus
added 2020/09/24 12:0 a.m. | 23 views

SSL/TLS Server Cipher Suite Preference Not Detected

The remote server is not configured with a SSL/TLS cipher suite preference list, making the cipher suite selection during the negotiation use the ordered list from the client. No source data...

AI score 7.4
Exploits: 0 | References: 2

Veracode
added 2020/09/21 6:32 a.m. | 39 views

Sweet32 Attack

OpenVPN is vulnerable to Sweet32 Attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

CVSS 5.9 | AI score 5.6 | EPSS 0.0594
Exploits: 0 | References: 10 | Affected Software: 2

CNVD
added 2020/09/07 12:0 a.m. | 2 views

Noise-Java Out-of-Bounds Access Vulnerability

Noise-Java is a plain Java implementation of the Noise protocol. An out-of-bounds access vulnerability exists in AESGCMOnCtrCipherState.encryptWithAd in Noise-Java 2020-08-27 and earlier versions. No detailed vulnerability details are provided at this time...

CVSS 9.8 | AI score 6.9 | EPSS 0.02553
Exploits: 2 | References: 1

OSV
added 2020/09/02 4:15 p.m. | 3 views

DEBIAN-CVE-2020-16150

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

CVSS 5.5 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 1