Lucene search
K

226 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:44 p.m.31 views

Security Bulletin: IBM Tealeaf Customer Experience is affected by vulnerabilities in OpenSSL

Summary Vulnerabilities in OpenSSL including the “FREAK” attack affect IBM Tealeaf Customer Experience. Vulnerability Details CVEID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the...

5CVSS0.4AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:37 p.m.37 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Command Center (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Cognos Command Center. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to proper...

4.3CVSS0.9AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:37 p.m.29 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Algo Credit Limits (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Algo Credit Limits. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

4.3CVSS0.4AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.18 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Image Construction and CompositionTool. (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Image Construction and Composition Tool. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS0.8AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.16 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere MQ Internet Passthru (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM WebSphere MQ Internet Pass-thru MQIPT. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS1.1AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.25 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere MQ Telemetry (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM WebSphere MQ Telemetry MQXR service. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS0.6AI score0.9986EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2018/06/14 5:18 a.m.57 views

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.5CVSS2.7AI score0.49268EPSS
Exploits0References2
OSV
OSV
added 2018/06/12 1:29 p.m.27 views

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.5CVSS7.5AI score
Exploits0References37
Prion
Prion
added 2018/06/12 1:29 p.m.21 views

Design/Logic Flaw

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

5CVSS7.3AI score0.49268EPSS
Exploits0References37Affected Software4
Debian CVE
Debian CVE
added 2018/06/12 1:0 p.m.62 views

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.5CVSS6.4AI score0.49268EPSS
Exploits0
OpenSSL
OpenSSL
added 2018/06/12 12:0 a.m.61 views

Vulnerability in OpenSSL - Client DoS due to large DH parameter

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.7AI score0.49268EPSS
Exploits0Affected Software1
Prion
Prion
added 2018/04/18 2:29 p.m.28 views

Input validation

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD...

6.4CVSS9.6AI score0.00863EPSS
Exploits0References2
CVE
CVE
added 2018/04/18 2:0 p.m.61 views

CVE-2016-10492

CVE-2016-10492 affects Android devices running on Qualcomm Snapdragon/mobile platforms. The issue arises from improper ciphersuite validation, allowing SecSSL to accept an unadvertised ciphersuite. Reported impact includes high confidentiality and integrity concerns (per CVSSv3: Critical, 9.1; CV...

9.1CVSS8.3AI score0.00863EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/18 2:0 p.m.23 views

CVE-2016-10492

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD...

9.5AI score0.00863EPSS
Exploits0References2
OSV
OSV
added 2017/05/04 7:29 p.m.26 views

CVE-2017-3733

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

7.5CVSS6.5AI score
Exploits0References8
Cvelist
Cvelist
added 2017/05/04 7:0 p.m.29 views

CVE-2017-3733 Encrypt-Then-Mac renegotiation crash

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

7.3AI score0.12874EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.271 views

EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1016)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...

9.6CVSS7.6AI score0.95707EPSS
Exploits13References12
Veracode
Veracode
added 2017/03/16 5:1 p.m.35 views

Information Disclosure

OpenSSL is vulnerable to information disclosure. The library contains a carry propagation bug during the montgomery squaring procedure. This makes it easier for a malicious user to obtain sensitive private key information from the Diffie-Hellman Ciphersuite as the attack can be conducted offline...

5.9CVSS6.3AI score0.15934EPSS
Exploits1References19Affected Software14
FreeBSD
FreeBSD
added 2017/02/16 12:0 a.m.57 views

openssl -- crash on handshake

The OpenSSL project reports: Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent on ciphersuite. Both clients and servers are affected. This issue do...

7.5CVSS7.5AI score0.12874EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/02/15 12:0 a.m.67 views

GLSA-201702-07 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201702-07 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker is able to crash applications linked...

7.5CVSS7.7AI score0.57595EPSS
Exploits6References5
Rows per page
Query Builder