2876 matches found

Akamai Blog
added 2019/05/15 4:0 a.m., 17 views

Bots Tampering with TLS to Avoid Detection

Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are...

5.1 AI score
Exploits: 0
Schneier on Security
added 2019/05/14 11:11 a.m., 42 views

Cryptanalysis of SIMON-32/64

A weird paper was posted on the Cryptology ePrint Archive (working link is via the Wayback Machine), claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a...

2.1 AI score
Exploits: 0
Tenable Nessus
added 2019/05/14 12:0 a.m., 42 views

EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttl...

10 CVSS, 7.5 AI score, 0.95707 EPSS
Exploits: 21, References: 17
Tenable Nessus
added 2019/05/14 12:0 a.m., 33 views

EulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403)

According to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an...

9.8 CVSS, 6.9 AI score, 0.95707 EPSS
Exploits: 8, References: 5
Tenable Nessus
added 2019/05/14 12:0 a.m., 48 views

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509...

10 CVSS, 8.4 AI score, 0.99977 EPSS
Exploits: 39, References: 21
Tenable Nessus
added 2019/05/06 12:0 a.m., 45 views

EulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2019-1328)

According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value...

7.4 CVSS, 6.3 AI score, 0.05701 EPSS
Exploits: 0, References: 2
Veracode
added 2019/05/02 5:39 a.m., 36 views

Sandbox Restrictions Bypass

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

10 CVSS, 5.1 AI score, 0.74006 EPSS
Exploits: 1, References: 28, Affected Software: 1
Veracode
added 2019/05/02 4:48 a.m., 35 views

Timing Side-Channel

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timin...

5 CVSS, 5.6 AI score, 0.05213 EPSS
Exploits: 0, References: 24, Affected Software: 4
OSV
added 2019/04/29 6:9 a.m., 12 views

SUSE-SU-2018:3776-2 Security update for openssh

This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...

5.9 CVSS, 6 AI score, 0.98631 EPSS
Exploits: 23, References: 7
RedHat Linux
added 2019/04/25 7:43 a.m., 2 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4 CVSS, 5.8 AI score, 0.0615 EPSS
Exploits: 0, References: 5
Veracode
added 2019/04/25 3:8 a.m., 7 views

Insecure Cipher Suites

excon uses insecure SSL cipher suites. The usage of insecure 3DES ciphers enables a remote attacker to carry out man-in-the-middle attacks...

6.5 AI score
Exploits: 0
0day.today
added 2019/04/25 12:0 a.m., 31 views

Linux/x86 - Rabbit Shellcode Crypter (200 bytes)

Introduction Exploit Title: Rabbit Shellcode Crypter Date: 24.4.2019 Exploit Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Description: Crypter which encrypts, decrypts and executes given shellcode using Rabbit symmetric cipher Keep in mind before use 1. Max...

7.4 AI score
Exploits: 0
Qualys Blog
added 2019/04/22 8:40 a.m., 2042 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently, new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC (Cipher Block Chaining) block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

4.3 CVSS, 6.9 AI score, 0.17139 EPSS
Exploits: 0
RedhatCVE
added 2019/04/03 11:49 p.m., 35 views

CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4 CVSS, 0.5 AI score, 0.05701 EPSS
Exploits: 0, References: 3
OSV
added 2019/04/02 6:30 p.m., 5 views

CVE-2019-7477

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0...

7.5 CVSS, 7.2 AI score
Exploits: 0, References: 1
NVD
added 2019/04/02 6:30 p.m., 10 views

CVE-2019-7477

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0...

7.5 CVSS, 7.4 AI score, 0.01192 EPSS
Exploits: 0, References: 1
Prion
added 2019/04/02 6:30 p.m., 12 views

Code injection

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0...

5 CVSS, 7.4 AI score, 0.01192 EPSS
Exploits: 0, References: 1, Affected Software: 2
CVE
added 2019/04/02 5:20 p.m., 47 views

CVE-2019-7477

CVE-2019-7477 is a vulnerability in SonicWall SonicOS and SonicOSv TLS CBC cipher suites that allows remote attackers to obtain sensitive plaintext data when CBC ciphers are enabled. Affected products and versions include SonicOS Gen 5 (5.9.1.10 and earlier) and Gen 6 (6.2.7.3, 6.5.1.3, 6.5.2.2, ...

7.5 CVSS, 7.4 AI score, 0.01192 EPSS
Exploits: 0, References: 1, Affected Software: 2
SonicWall
added 2019/04/01 8:0 p.m., 6 views

SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability

A vulnerability in SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...

7.5 CVSS, 6.7 AI score, 0.01192 EPSS
Exploits: 0
Tenable Nessus
added 2019/03/27 12:0 a.m., 47 views

openSUSE Security Update : java-11-openjdk (openSUSE-2019-818)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU) Security fixes : - S8202936, CVE-2018-3183, bsc1112148: Improve script engine support - S8199226, CVE-2018-3169, bsc1112146: Improve field accesses - S8199177, CVE-2018-3149,...

9 CVSS, 6.9 AI score, 0.07215 EPSS
Exploits: 2, References: 19