Lucene search
K

2876 matches found

Tenable Nessus
Tenable Nessus
added 2019/01/21 12:0 a.m.19 views

SSL/TLS Insecure Cipher Suites Supported

The remote host supports the use of SSL/TLS ciphers that offer insecure encryption export cipher suites and encryption less than 128 bits. No source data...

7.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/18 12:0 a.m.17 views

SSL/TLS Null Cipher Suites Supported

The remote host supports the use of SSL/TLS ciphers that offer no encryption at all. No source data...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/18 12:0 a.m.25 views

SSL/TLS Anonymous Cipher Suites Supported

The remote host supports the use of SSL/TLS ciphers that offer no authentication at all. No source data...

7.7AI score
Exploits0References1
Veracode
Veracode
added 2019/01/15 9:10 a.m.40 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service attacks. The attacks are due to a flaw in the way OpenSSL does the SSLv2 handshake messages. Therefore, when it has SSLv2 and EXPORT-grade cipher suites enabled, attackers can send malicious SSLv2 CLIENT-MASTER-Key messages to cause server failures...

5CVSS5AI score0.21247EPSS
Exploits0References61Affected Software2
Veracode
Veracode
added 2019/01/15 8:58 a.m.28 views

Information Leakage

The GnuTLS library is susceptible to information leakage. When CBC-mode cipher is used, attacker can use a TLS/SSL server as a padding oracle to decrypt the encrypted packets...

4CVSS5.7AI score0.0644EPSS
Exploits1References16Affected Software1
Veracode
Veracode
added 2019/01/15 8:55 a.m.25 views

Weak Cipher Suite

openldap is uses weak cipher suite by default. The default cipher suite is always used in libraries/libldap/tlsm.c in OpenLDAP, when using the Mozilla NSS backend, even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attacke...

4.3CVSS9AI score0.04114EPSS
Exploits0References19Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.17 views

SSL/TLS Cipher Suites Supported

This plugin displays supported SSL/TLS cipher suites. No source data...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/08 12:0 a.m.1039 views

TLS Version 1.1 Protocol Detection

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that...

5.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/01/04 5:21 p.m.9 views

Phishing Tactic Hides Tracks with Custom Fonts

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...

0.7AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/03 8:55 p.m.26 views

Security Bulletin: A vulnerability in RC4 stream cipher affects IBM FlashSystem 900 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM FlashSystem 900. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5CVSS1AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/03 8:50 p.m.30 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM FlashSystem 900 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM FlashSystem 900. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5CVSS6.6AI score0.74006EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.39 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-1)

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

8.3CVSS5.7AI score0.15141EPSS
Exploits0References32
Tenable Nessus
Tenable Nessus
added 2018/12/10 12:0 a.m.35 views

Amazon Linux 2 : gnutls (ALAS-2018-1120)

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...

5.9CVSS6.3AI score0.03623EPSS
Exploits0References4
Prion
Prion
added 2018/12/05 10:29 p.m.19 views

Code injection

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-ECDHE cipher suites...

1.9CVSS4.5AI score0.00336EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/12/05 10:29 p.m.2 views

ALPINE-CVE-2018-19608

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-ECDHE cipher suites...

4.7CVSS6.6AI score0.00336EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/12/05 10:0 p.m.25 views

CVE-2018-19608

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-ECDHE cipher suites...

4.7CVSS4.9AI score0.00336EPSS
Exploits0
NVD
NVD
added 2018/12/03 6:29 a.m.16 views

CVE-2018-19795

ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device...

7.2CVSS6.5AI score0.0043EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 6:29 a.m.15 views

Default credentials

ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device...

7.2CVSS6.6AI score0.0043EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/03 6:0 a.m.22 views

CVE-2018-19795

ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device...

6.5AI score0.0043EPSS
Exploits1References1
CVE
CVE
added 2018/12/03 6:0 a.m.39 views

CVE-2018-19795

ChipsBank UMPTool stores passwords in NAND using a simple substitution cipher, enabling full device access if an attacker has physical access. The vulnerability arises from weak password handling (insecure storage of credentials) and grants high impact to confidentiality, integrity, and availabil...

7.2CVSS6.5AI score0.0043EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder