2876 matches found
CVE-2019-5163
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
Security Vulnerabilities fixed in - Firefox 71 — Mozilla
Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windo...
Security Vulnerabilities fixed in - Thunderbird 68.3 — Mozilla
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitabl...
Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...
Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
SSL/TLS Deprecated Ciphers (deprecated)
The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major ssl libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication. Nessus 8.9 and later no...
CVE-2019-11745
When encrypting with a block cipher, if a call to NSCEncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...
The vulnerability of OpenVPN software is related to issues with encryption using a 64-bit block. This allows a hacker to restore the original message.
The vulnerability of the OpenVPN software is related to issues with encryption when using a 64-bit block cipher. Exploiting this vulnerability allows a malicious actor to restore the original message through a “Sweet32” attack...
Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud integration
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud integration and has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere Cast Iron (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM WebSphere Cast Iron Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...
DEBIAN-CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...
Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure
The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions o...
Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...
Cryptovenom - The Cryptography Swiss Army Knife
CryptoVenom: The Cryptography Swiss Army knife What is CryptoVenom? CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern...
Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Netezza Performance Portal. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Netezza Platform Software (CVE-2015-2808)
Summary The RC4 Bar Mitzvah Attack for SSL/TLS affects IBM Netezza Platform Software. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...
More Cryptanalysis of Solitaire
In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I mad...
EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2016)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...
qpid-proton: TLS Man in the Middle Vulnerability
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...
qpid-proton: TLS Man in the Middle Vulnerability
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...