2876 matches found

OSV
added 2020/09/02 4:15 p.m. | 2 views

ALPINE-CVE-2020-16150

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

5.5 CVSS | 6.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2020/09/02 4:15 p.m. | 6 views

CVE-2020-16150

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

5.5 CVSS | 5.9 AI score | 0.00368 EPSS
Exploits: 0 | References: 12
OSV
added 2020/08/21 2:15 p.m. | 2 views

DEBIAN-CVE-2020-12457

An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply loop, i.e., a denial of...

7.5 CVSS | 7.3 AI score | 0.01531 EPSS
Exploits: 0 | References: 1
Snyk
added 2020/08/21 2:15 p.m. | 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation. An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than...

7.5 CVSS | 6.8 AI score | 0.01531 EPSS
Exploits: 0 | References: 2
OSV
added 2020/08/21 2:15 p.m. | 1 views

UBUNTU-CVE-2020-12457

An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply loop, i.e., a denial of...

7.5 CVSS | 7.1 AI score | 0.01531 EPSS
Exploits: 0 | References: 4
Microsoft Secure
added 2020/08/20 5:0 p.m. | 35 views

Taking Transport Layer Security (TLS) to the next level with TLS 1.3

Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a...

1 AI score
Exploits: 0
BDU FSTEC
added 2020/08/19 12:0 a.m. | 3 views

The vulnerabilities affect the implementations of the functions read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites(), and get_lan_param_select(). These functions are used for managing and configuring devices that support IPMI through ipmitool. This allows a malicious individual to cause service interruptions or execute arbitrary code.

The vulnerability of the implementations of several functions such as read_fru_area, read_fru_area_section, ipmi_spd_print_fru, ipmi_get_session_info, ipmi_get_channel_cipher_suites, and get_lan_param_select (utilities for managing and configuring devices that support IPMI) is due to buffer overflows. Exploiting thi...

9 CVSS | 8.1 AI score | 0.0329 EPSS
Exploits: 1 | References: 13 | Affected Software: 7
IBM Security Bulletins
added 2020/07/24 11:8 p.m. | 37 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for OpenVMS (CVE-2016-2183)

Summary OpenSSL is used by IBM Sterling Connect:Direct for OpenVMS. IBM Sterling Connect:Direct for OpenVMS has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the...

7.5 CVSS | 0.5 AI score | 0.95707 EPSS
Exploits: 7 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:49 p.m. | 32 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Connect:Express for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Connect:Express for UNIX Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5 CVSS | 0.9 AI score | 0.74006 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 17 views

Security Bulletin: TLS padding vulnerability affects Sterling Connect:Direct for UNIX (CVE-2014-8730)

Summary: Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects Sterling Connect:Direct for UNIX. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

4.3 CVSS | 0.4 AI score | 0.1372 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 19 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Direct for UNIX (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...

5.9 CVSS | 0.5 AI score | 0.0288 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 48 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2108, CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on 3 May 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION:...

10 CVSS | 0.5 AI score | 0.89058 EPSS
Exploits: 7 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 48 views

Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2183)

Summary An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenS...

7.5 CVSS | 0.2 AI score | 0.95707 EPSS
Exploits: 7 | Affected Software: 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 97 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

5 CVSS | 0.6 AI score | 0.74006 EPSS
Exploits: 4 | Affected Software: 1
IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 51 views

Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance

Summary: Multiple vulnerabilities have been identified in openssl, gnutl, mysql, kernel, glibc and ntp shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable t...

10 CVSS | 1.5 AI score | 0.83524 EPSS
Exploits: 107 | Affected Software: 1
IBM Security Bulletins
added 2020/07/16 6:39 a.m. | 42 views

Security Bulletin: IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerable to Logjam (CVE-2015-4000)

Summary: IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerable to Logjam (CVE-2015-4000). Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remot...

4.3 CVSS | 1.4 AI score | 0.9986 EPSS
Exploits: 1 | Affected Software: 3
OpenVAS
added 2020/07/13 12:0 a.m. | 7 views

Huawei Data Communication: Deploying RSVP Authentication

RSVP MD5 authentication is deployed to prevent attackers from attempting to use protocols on the control plane to destroy entries on which forwarding depends, such as routes. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are...

7.5 AI score
Exploits: 0
Hacker One
added 2020/06/29 6:25 a.m. | 7 views

Hiro: blockstack.org - is vulnerable to (CVE-2016-2183, CVE-2016-6329)

Descriptions Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is...

7.5 CVSS | 7.5 AI score | 0.95707 EPSS
Exploits: 7
OSV
added 2020/06/24 7:15 p.m. | 1 views

DEBIAN-CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

4.9 CVSS | 6 AI score | 0.03357 EPSS
Exploits: 0 | References: 1
OSV
added 2020/06/24 7:15 p.m. | 3 views

UBUNTU-CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

4.9 CVSS | 6.5 AI score | 0.03357 EPSS
Exploits: 0 | References: 7