2876 matches found

OSV
added 2020/06/11 3:15 p.m. | 6 views

CVE-2020-0187

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

5.5 CVSS | 6.7 AI score | 0.00152 EPSS
Exploits: 0 | References: 1
Carbon Black Blog
added 2020/06/08 2:59 p.m. | 77 views

TAU Threat Analysis: Hakbit Ransomware

The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...

7.2 AI score
Exploits: 0
RustSec
added 2020/05/26 12:0 p.m. | 18 views

crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

7.1 AI score
Exploits: 0
OSV
added 2020/05/26 12:0 p.m. | 13 views

RUSTSEC-2020-0018 crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

7.1 AI score
Exploits: 0 | References: 3
OpenVAS
added 2020/05/20 12:0 a.m. | 81 views

Huawei Data Communication: Multiple OpenSSL Vulnerabilities in January 2017 (huawei-sa-20170503-01-openssl)

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

7.5 CVSS | 7.5 AI score | 0.57595 EPSS
Exploits: 6 | References: 1
CNVD
added 2020/05/07 12:0 a.m. | 3 views

F5 BIG-IP Encryption Problem Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cryptographic issue vulnerability exists in the F5 BIG-IP system that stems from a program not using a secure communication...

9.1 CVSS | 6.8 AI score | 0.00809 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2020/05/01 8:19 a.m. | 29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational DOORS Web Access (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Rational DOORS Web Access. Vulnerability Details Rational DOORS Web Access is affected by the following vulnerabilities disclosed in and corrected by the JRE critical patch updates: CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, a...

5 CVSS | 0.1 AI score | 0.74006 EPSS
Exploits: 0 | Affected Software: 2
Tenable Nessus
added 2020/04/30 12:0 a.m. | 30 views

F5 Networks BIG-IP : BIG-IP SSL state mirroring vulnerability (K17663061)

BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. CVE-2020-5885 Impact On-path attackers ma...

9.1 CVSS | 8.2 AI score | 0.00809 EPSS
Exploits: 0 | References: 2
Rockylinux
added 2020/04/28 9:7 a.m. | 16 views

new module: maven:3.6

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

1.7 AI score
Exploits: 0
OSV
added 2020/04/27 3:15 p.m. | 1 views

DEBIAN-CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7 CVSS | 6.9 AI score | 0.01609 EPSS
Exploits: 1 | References: 1
OSV
added 2020/04/27 3:15 p.m. | 1 views

ALPINE-CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7 CVSS | 6.9 AI score | 0.01609 EPSS
Exploits: 1 | References: 1
OSV
added 2020/04/27 3:15 p.m. | 6 views

UBUNTU-CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7 CVSS | 6.8 AI score | 0.01609 EPSS
Exploits: 1 | References: 3
Debian CVE
added 2020/04/27 2:47 p.m. | 23 views

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

4.3 CVSS | 6.2 AI score | 0.01609 EPSS
Exploits: 1
OSV
added 2020/04/17 4:15 p.m. | 3 views

CVE-2020-11877

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code...

7.5 CVSS | 5.8 AI score | 0.01524 EPSS
Exploits: 1 | References: 1
Prion
added 2020/04/16 11:15 a.m. | 24 views

Buffer overflow

Buffer overflow can occur in WLAN firmware while unwrapping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

10 CVSS | 9.5 AI score | 0.00902 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2020/04/16 12:0 a.m. | 40 views

Oracle Enterprise Manager Cloud Control (Apr 2020 CPU)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2020 CPU advisory. - Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that...

9.8 CVSS | 6.8 AI score | 0.11676 EPSS
Exploits: 0 | References: 5
OSV
added 2020/04/13 7:15 p.m. | 3 views

DEBIAN-CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3 CVSS | 6.5 AI score | 0.03065 EPSS
Exploits: 0 | References: 1
OSV
added 2020/04/13 7:15 p.m. | 3 views

ALPINE-CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3 CVSS | 6.6 AI score | 0.03065 EPSS
Exploits: 0 | References: 1
Microsoft KB
added 2020/04/13 12:0 a.m. | 192 views

Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015

Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory,...

6.3 AI score
Exploits: 0
Debian CVE
added 2020/04/13 12:0 a.m. | 25 views

CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3 CVSS | 6 AI score | 0.03065 EPSS
Exploits: 0