Lucene search

2872 matches found

ATTACKERKB
added 2016/09/01 12:59 a.m., 370 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

7.5 CVSS, 6.8 AI score, 0.95707 EPSS
In wild, Exploits 7, References 155
CNVD
added 2016/09/01 12:0 a.m., 3 views

HP Integrated Lights-Out Information Disclosure Vulnerability (CNVD-2016-07089)

HP Integrated Lights-Out is used for remote management of servers. An information disclosure vulnerability exists in HP Integrated Lights-Out. A remote attacker could exploit this vulnerability to cause information disclosure via TLS CBC Padding and MAC errors...

4.3 CVSS, 6.4 AI score, 0.01647 EPSS
Exploits 0, References 1
Vulnrichment
added 2016/09/01 12:0 a.m., 4 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

6.8 AI score, 0.95707 EPSS
Exploits 7, References 135
CNVD
added 2016/08/31 12:0 a.m., 2 views

OpenSSH CBC Padding Weak Password Vulnerability

OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A weak password vulnerability exists in OpenSSH CBC Padding, which allows an attacker to bypass security restrictions and obtain sensitive information...

7 AI score
Exploits 0, References 1
Tenable Nessus
added 2016/08/26 12:0 a.m., 36 views

Oracle Access Manager Webgate Information Disclosure (July 2016 CPU)

Binary data oracleaccessmanagerwebgatecve20162107.nbin...

5.9 CVSS, 7.3 AI score, 0.89058 EPSS
Exploits 6, References 2
myhack58
added 2016/08/25 12:0 a.m., 21 views

SWEET32: TLS 64-bit block cipher birthday attack (CVE-2016-2183) - vulnerability warning - the black bar safety net

The attack requires harsh conditions. The attacker needs to capture a large amount of ciphertext; the paper's authors achieved it with 30 hours and 610GB of data. In addition, the important information in the plaintext must repeat many times for its content to eventually be decrypted,...

Exploits 0
Tenable Nessus
added 2016/08/24 12:0 a.m., 25 views

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Binary data 7222.pasl...

7.3 AI score
Exploits 0, References 4
Kitploit
added 2016/07/20 11:47 p.m., 21 views

TLS-Attacker - A Java-based Framework for Analyzing TLS Libraries

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow...

8 AI score
Exploits 0, References 1
Tenable Nessus
added 2016/07/14 12:0 a.m., 212 views

Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

According to its self-reported version, the Cisco TelePresence Video Communication Server VCS / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improp...

10 CVSS, 8.7 AI score, 0.89058 EPSS
Exploits 7, References 17
Tenable Nessus
added 2016/07/11 12:0 a.m., 10 views

openSUSE Security Update : libircclient (openSUSE-2016-846)

This update fixes an issue with libircclient using an insecure openssl cipher suite. - cipher suite fix from ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH to EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH bnc857151 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks ...

5.4 AI score
Exploits 0, References 1
BDU FSTEC
added 2016/07/06 12:0 a.m., 3 views

Vulnerability of Cisco ACE software, which allows a malicious actor to intercept sessions

The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...

4.3 CVSS, 6.9 AI score, 0.95326 EPSS
Exploits 9, References 24
BDU FSTEC
added 2016/07/06 12:0 a.m., 3 views

The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality of protected information.

The vulnerability exists in the SSL protocol for OpenSSL due to the use of non-deterministic padding for CBC encryption block chaining of the encryption text. Exploiting this vulnerability allows a malicious actor to obtain unencrypted data by using a padding prediction attack, known as POODLE...

4.3 CVSS, 6.5 AI score, 0.99999 EPSS
Exploits 7, References 3, Affected Software 1
Huawei
added 2016/07/06 12:0 a.m., 64 views

Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...

10 CVSS, 8.6 AI score, 0.89058 EPSS
Exploits 7, Affected Software 61
Tenable Nessus
added 2016/07/06 12:0 a.m., 10 views

openSUSE Security Update : libircclient (openSUSE-2016-831)

This update for libircclient adjusts the cipher suites from ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH to EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH boo857151 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

5.4 AI score
Exploits 0, References 1
Tenable Nessus
added 2016/07/06 12:0 a.m., 19 views

openSUSE Security Update : libircclient (openSUSE-2016-830)

This update for libircclient adjusts the cipher suites from ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH to EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH boo857151 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

5.4 AI score
Exploits 0, References 1
Hacker One
added 2016/06/24 12:36 a.m., 32 views

Radancy: RC4 cipher suites detected

RC4 cipher suites SSL3 on port 443: SSL3CKRSARC4128MD5 - High strength SSL3CKRSARC4128SHA - High strength Host: qics.maximum.com...

0.9 AI score
Exploits 0
Tenable Nessus
added 2016/06/16 12:0 a.m., 261 views

IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A...

5 CVSS, 5.8 AI score, 0.74006 EPSS
Exploits 0, References 4
Amazon
added 2016/06/15 12:0 a.m., 35 views

Low: mod24_nss

Issue Overview: It was reported that +CIPHER operator in OpenSSL changes the order of a cipher. Instead of returning an error as NSS does not support cipher ordering, it returned the result of processing up to that point, which could result in requested ciphers not being enabled. Affected Package...

7.5 CVSS, 7.8 AI score, 0.01716 EPSS
Exploits 0
Tenable Nessus
added 2016/06/14 12:0 a.m., 31 views

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-714)

This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...

9.3 CVSS, 7.3 AI score, 0.24039 EPSS
Exploits 7, References 63
Tenable Nessus
added 2016/06/14 12:0 a.m., 261 views

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-704)

This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...

9.3 CVSS, 7.3 AI score, 0.24039 EPSS
Exploits 7, References 28