CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2874 matches found

OSV•added 2017/09/26 1:29 a.m.•4 views

CVE-2017-7971

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate...

6.5CVSS5.8AI score0.00781EPSS

Exploits0References3

Prion•added 2017/09/26 1:29 a.m.•16 views

Design/Logic Flaw

4CVSS7AI score0.00781EPSS

Exploits0References3Affected Software2

Cvelist•added 2017/09/25 7:0 p.m.•20 views

CVE-2017-7971

6.5AI score0.00781EPSS

Exploits0References3

CVE•added 2017/09/25 7:0 p.m.•56 views

CVE-2017-7971

CVE-2017-7971 affects Schneider Electric PowerSCADA Anywhere v1.0 (used with PowerSCADA Expert v8.1/8.2) and Citect Anywhere v1.0. The issue is outdated TLS cipher suites and improper verification of peer SSL certificates, enabling potential man-in-the-middle or insecure communications. Public do...

6.5CVSS6.5AI score0.00781EPSS

Exploits0References3Affected Software1

CNVD•added 2017/09/06 12:0 a.m.•3 views

SimpleSAMLphp CBC Mode Encryption Unauthentication Vulnerability

SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider features . A security vulnerability exists in SimpleSAMLphp 1.14.12 and earlier versions. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack a...

5.9CVSS5.7AI score0.00875EPSS

Exploits0References1

NVD•added 2017/08/29 10:29 p.m.•18 views

CVE-2017-0379

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c...

7.5CVSS7.4AI score0.0351EPSS

Exploits0References11

OSV•added 2017/08/29 10:29 p.m.•17 views

CVE-2017-0379

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c...

7.5CVSS7.4AI score0.0351EPSS

Exploits0References11

Cvelist•added 2017/08/29 10:0 p.m.•27 views

CVE-2017-0379

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c...

6.4AI score0.0351EPSS

Exploits0References11

AlpineLinux•added 2017/08/29 10:0 p.m.•42 views

CVE-2017-0379

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c...

7.5CVSS6.6AI score0.0351EPSS

Exploits0

UbuntuCve•added 2017/08/29 12:0 a.m.•24 views

CVE-2017-0379

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c...

7.5CVSS7.1AI score0.0351EPSS

Exploits0References2

Tenable Nessus•added 2017/08/29 12:0 a.m.•143 views

SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Binary data 7282.pasl...

5.9CVSS6.5AI score0.84424EPSS

Exploits0References2

RedhatCVE•added 2017/08/28 12:48 p.m.•27 views

CVE-2017-0379

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c...

7.5CVSS3.9AI score0.0351EPSS

Exploits0References1

CNVD•added 2017/08/21 12:0 a.m.•2 views

IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2017-24357)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. An information disclosure vulnerability exists in IBM WAS...

5.9CVSS5.6AI score0.02033EPSS

Exploits0References1

CNVD•added 2017/08/19 12:0 a.m.•3 views

Google Android Qualcomm Component Unauthorized Operation Vulnerability (CNVD-2017-26831)

Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, and Qualcomm closed-source components are among the closed-source components developed by Qualcomm. A security vulnerability exists in the Qualcomm closed-source component in Android, whi...

10CVSS9.3AI score0.0052EPSS

Exploits0References1

RedHat Linux•added 2017/08/10 11:3 p.m.•2 views

bouncycastle: Information disclosure in GCMBlockCipher

It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information...

4.3CVSS7.1AI score0.00926EPSS

Exploits0References4

BDU FSTEC•added 2017/08/10 12:0 a.m.•4 views

The vulnerability of the mod_session_crypto module in the Apache HTTP Server allows attackers to perform attacks like Padding Oracle.

The vulnerability of the modsessioncrypto module in the Apache HTTP Server is related to encryption algorithm errors. The modsessioncrypto module encrypts its data/cookies using configured encryption algorithms with CBC or ECB modes AES256-CBC by default. Therefore, there is no optional or built-...

5CVSS7.2AI score0.49024EPSS

Exploits4References7

NVD•added 2017/08/09 6:29 p.m.•17 views

CVE-2015-3277

The modnss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring...

7.5CVSS7.4AI score0.0253EPSS

Exploits0References3

UbuntuCve•added 2017/08/09 6:29 p.m.•24 views

CVE-2015-3277

The modnss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring...

7.5CVSS7.1AI score0.0253EPSS

Exploits0References2