Lucene search
K

2876 matches found

Debian CVE
Debian CVE
added 2019/12/03 9:55 p.m.19 views

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.5AI score0.02289EPSS
Exploits1
Mozilla
Mozilla
added 2019/12/03 12:0 a.m.91 views

Security Vulnerabilities fixed in - Firefox 71 — Mozilla

Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windo...

8.8CVSS1.5AI score0.02994EPSS
Exploits1References11Affected Software1
Mozilla
Mozilla
added 2019/12/03 12:0 a.m.340 views

Security Vulnerabilities fixed in - Thunderbird 68.3 — Mozilla

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitabl...

8.8CVSS1.3AI score0.02994EPSS
Exploits3References8Affected Software1
Talos
Talos
added 2019/12/03 12:0 a.m.35 views

Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...

7.4CVSS7.3AI score0.01379EPSS
Exploits1
Talos
Talos
added 2019/12/03 12:0 a.m.288 views

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.6AI score0.02289EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/11/26 12:0 a.m.181 views

SSL/TLS Deprecated Ciphers (deprecated)

The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major ssl libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication. Nessus 8.9 and later no...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2019/11/25 12:0 a.m.37 views

CVE-2019-11745

When encrypting with a block cipher, if a call to NSCEncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

8.8CVSS6.8AI score0.02994EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.7 views

The vulnerability of OpenVPN software is related to issues with encryption using a 64-bit block. This allows a hacker to restore the original message.

The vulnerability of the OpenVPN software is related to issues with encryption when using a 64-bit block cipher. Exploiting this vulnerability allows a malicious actor to restore the original message through a “Sweet32” attack...

7.1CVSS6.5AI score0.0594EPSS
Exploits0References3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.46 views

Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud integration

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud integration and has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary...

10CVSS1AI score0.89058EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.28 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere Cast Iron (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM WebSphere Cast Iron Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

4.3CVSS0.8AI score0.9986EPSS
Exploits1Affected Software1
OSV
OSV
added 2019/11/15 3:15 p.m.3 views

DEBIAN-CVE-2013-4584

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...

5.9CVSS6AI score0.01522EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.1332 views

Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions o...

7.5CVSS6.9AI score0.45113EPSS
Exploits1References15
Kitploit
Kitploit
added 2019/11/07 8:43 p.m.146 views

Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...

8AI score
Exploits0References6
Kitploit
Kitploit
added 2019/10/28 12:0 p.m.137 views

Cryptovenom - The Cryptography Swiss Army Knife

CryptoVenom: The Cryptography Swiss Army knife What is CryptoVenom? CryptoVenom is an OpenSource tool which contains a lot of cryptosystems and cryptoanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern...

7.4AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.26 views

Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Netezza Performance Portal. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information...

4.3CVSS0.4AI score0.1372EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/18 3:10 a.m.16 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Netezza Platform Software (CVE-2015-2808)

Summary The RC4 Bar Mitzvah Attack for SSL/TLS affects IBM Netezza Platform Software. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit thi...

5CVSS0.7AI score0.74006EPSS
Exploits0Affected Software1
Schneier on Security
Schneier on Security
added 2019/10/04 5:4 p.m.104 views

More Cryptanalysis of Solitaire

In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I mad...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/09/24 12:0 a.m.28 views

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2016)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

5.6CVSS6.3AI score0.00388EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/09/20 11:44 a.m.2 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS5.8AI score0.0615EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/09/17 3:15 p.m.2 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS5.8AI score0.0615EPSS
Exploits0References5
Rows per page
Query Builder