Lucene search

2876 matches found

NVD
added 2020/01/08 8:15 p.m. | 15 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS | 8.7 AI score | 0.02994 EPSS
Exploits 0 | References 17

OSV
added 2020/01/08 8:15 p.m. | 2 views

DEBIAN-CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS | 6.5 AI score | 0.02994 EPSS
Exploits 0 | References 1

OSV
added 2020/01/08 8:15 p.m. | 2 views

ALPINE-CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS | 8.9 AI score | 0.02994 EPSS
Exploits 0 | References 1

Prion
added 2020/01/08 8:15 p.m. | 18 views

Design/Logic Flaw

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

6.8 CVSS | 8.4 AI score | 0.02994 EPSS
Exploits 0 | References 17 | Affected Software 15

Cvelist
added 2020/01/08 7:22 p.m. | 18 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.9 AI score | 0.02994 EPSS
Exploits 0 | References 17

CVE
added 2020/01/08 7:22 p.m. | 515 views

CVE-2019-11745

CVE-2019-11745 is a heap-based out-of-bounds write in Mozilla NSS (NSC_EncryptUpdate) when data smaller than the block size is encrypted. This could allow a remote attacker to trigger a crash or execute arbitrary code with the user’s privileges (attack surface includes NSS-enabled apps such as Th...

8.8 CVSS | 8.7 AI score | 0.02994 EPSS
Exploits 0 | References 17 | Affected Software 3

AlpineLinux
added 2020/01/08 7:22 p.m. | 43 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS | 9 AI score | 0.02994 EPSS
Exploits 0

Debian CVE
added 2020/01/08 7:22 p.m. | 33 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8 CVSS | 6.7 AI score | 0.02994 EPSS
Exploits 0

OSV
added 2019/12/18 3:15 p.m. | 2 views

DEBIAN-CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4 CVSS | 7.5 AI score | 0.01379 EPSS
Exploits 1 | References 1

UbuntuCve
added 2019/12/18 3:15 p.m. | 20 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4 CVSS | 7.2 AI score | 0.01379 EPSS
Exploits 1 | References 4

Prion
added 2019/12/18 3:15 p.m. | 16 views

Information disclosure

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

5.8 CVSS | 7 AI score | 0.01379 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/12/18 2:31 p.m. | 18 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4 CVSS | 7 AI score | 0.01379 EPSS
Exploits 1 | References 1

Debian CVE
added 2019/12/18 2:31 p.m. | 18 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4 CVSS | 7 AI score | 0.01379 EPSS
Exploits 1

IBM Security Bulletins
added 2019/12/18 1:14 a.m. | 18 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Sterling Connect:Enterprise for UNIX (CVE-2015-4000)

Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Sterling Connect:Enterprise for UNIX when using the AS2 or WebDAV protocols. Vulnerability Details: CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...

4.3 CVSS | 0.2 AI score | 0.9986 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2019/12/17 10:56 p.m. | 25 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. Vulnerability Details: CVEID: CVE-2016-5546 DESCRIPTION: An unspecified vulnerabilit...

7.5 CVSS | 1.1 AI score | 0.95707 EPSS
Exploits 7 | Affected Software 1

RedHat Linux
added 2019/12/12 1:34 p.m. | 9 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4 CVSS | 5.8 AI score | 0.0615 EPSS
Exploits 0 | References 5

Mageia
added 2019/12/06 2:15 p.m. | 47 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0...

7.4 CVSS | 0.6 AI score | 0.05701 EPSS
Exploits 0 | References 5

OSV
added 2019/12/03 10:15 p.m. | 2 views

DEBIAN-CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5 CVSS | 6.8 AI score | 0.02289 EPSS
Exploits 1 | References 1

OSV
added 2019/12/03 10:15 p.m. | 2 views

UBUNTU-CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5 CVSS | 6.7 AI score | 0.02289 EPSS
Exploits 1 | References 4

Prion
added 2019/12/03 10:15 p.m. | 16 views

Denial of service

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

4.3 CVSS | 7.4 AI score | 0.02289 EPSS
Exploits 1 | References 3 | Affected Software 3