Lucene search
K

2878 matches found

Debian CVE
Debian CVE
added 2008/05/29 4:0 p.m.32 views

CVE-2008-1672

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service crash via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference...

4.3CVSS8.1AI score0.05EPSS
Exploits1
OpenSSL
OpenSSL
added 2008/05/28 12:0 a.m.32 views

Vulnerability in OpenSSL CVE-2008-1672

Testing using the Codenomicon TLS test suite discovered a flaw if the ‘Server Key exchange message’ is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. Found by...

8.2AI score0.05EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/05/22 12:0 a.m.30 views

Debian DSA-1581-1 : gnutls13 - several vulnerabilities

Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services. You must restart affected services...

10CVSS7.5AI score0.12018EPSS
Exploits3References7
RedHat Linux
RedHat Linux
added 2008/05/20 2:56 p.m.2 views

GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw

Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...

5CVSS7.1AI score0.04954EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.7 views

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

7.5CVSS5.9AI score0.13835EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.4 views

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

2.6CVSS5.8AI score0.01397EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/03/28 12:0 a.m.35 views

openSUSE 10 Security Update : tomcat55 (tomcat55-5069)

This update of tomcat fixes cross-site-scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers CVE-2007-1858. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

4.3CVSS5AI score0.77376EPSS
Exploits1References2
NVD
NVD
added 2008/02/05 3:0 a.m.25 views

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

2.1CVSS6.2AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2008/02/05 2:0 a.m.24 views

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

6.2AI score0.00301EPSS
Exploits0References4
CVE
CVE
added 2008/02/05 2:0 a.m.48 views

CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

2.1CVSS6.2AI score0.00301EPSS
Exploits0References4Affected Software2
securityvulns
securityvulns
added 2008/01/30 12:0 a.m.85 views

Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: LSrunasE, Supercrypt Vendor: Geert Moernaut Type: Flawed Encryption Risk: Medium Author: Daniel Roethlisberger Date: 2008-01-29 CVE Name: CVE-2007-6340 Introduction ------------ LSrunasE 1 and Supercrypt 2 are utilities used to run commands...

2.1CVSS6.7AI score0.00301EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.32 views

Debian Security Advisory DSA 253-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 253-1. OpenVAS Vulnerability Test $Id: deb2531.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 253-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

5CVSS0.13718EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.21 views

Debian Security Advisory DSA 253-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 253-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.13718EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2007/11/26 1:56 p.m.97 views

Moderate: Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. ...

5CVSS5.7AI score0.90768EPSS
Exploits17References9
Prion
Prion
added 2007/11/20 7:46 p.m.34 views

Design/Logic Flaw

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on 1 forward security and 2 backward security, related to use of eight...

7.1CVSS6.6AI score0.55127EPSS
Exploits2References3
NVD
NVD
added 2007/11/20 7:46 p.m.32 views

CVE-2007-6043

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on 1 forward security and 2 backward security, related to use of eight...

7.1CVSS6.3AI score0.04725EPSS
Exploits0References3
CVE
CVE
added 2007/11/20 7:0 p.m.66 views

CVE-2007-6043

CVE-2007-6043 concerns the CryptGenRandom generator on Windows 2000, which produces predictable values. The description states this can let context-dependent attackers weaken cryptographic mechanisms, demonstrated via attacks on forward and backward security related to the use of eight RC4 instan...

7.1CVSS6.5AI score0.04725EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/11/20 7:0 p.m.42 views

CVE-2007-6043

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on 1 forward security and 2 backward security, related to use of eight...

6.3AI score0.04725EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/10/08 12:0 a.m.452 views

SSL Weak Cipher Suites Supported

The remote host supports the use of SSL ciphers that offer weak encryption. Note: This is considerably easier to exploit if the attacker is on the same physical network. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid26928; scriptversion"1.31";...

5.4AI score
Exploits0References1
NVD
NVD
added 2007/08/31 12:17 a.m.12 views

CVE-2007-4616

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...

6.4CVSS6.7AI score0.0183EPSS
Exploits0References6
Rows per page
Query Builder