Lucene search
+L

42 matches found

thn
thn
added 2020/09/10 11:9 a.m.108 views

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in Transport Layer Security TLS protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a...

5.9CVSS1.1AI score0.01206EPSS
Exploits0
ibm
ibm
added 2019/11/18 1:57 p.m.28 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere Cast Iron (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM WebSphere Cast Iron Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

4.3CVSS0.8AI score0.9986EPSS
Exploits1Affected Software1
veracode
veracode
added 2019/05/02 5:40 a.m.45 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References31Affected Software4
veracode
veracode
added 2019/05/02 5:40 a.m.36 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References30Affected Software4
veracode
veracode
added 2019/05/02 5:40 a.m.35 views

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...

9.8CVSS4.6AI score0.9986EPSS
Exploits1References12Affected Software1
redhat
redhat
added 2018/07/12 4:14 p.m.8 views

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

5.9CVSS6.8AI score0.13411EPSS
Exploits0References5
ibm
ibm
added 2018/06/18 12:9 a.m.28 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Virtualization Engine TS7700 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

4.3CVSS0.9AI score0.9986EPSS
Exploits1Affected Software5
ibm
ibm
added 2018/06/17 10:32 p.m.32 views

Security Bulletin: Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in supporting products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details This security bulletin covers multiple vulnerabilities in...

10CVSS0.9AI score0.9986EPSS
Exploits11Affected Software1
ibm
ibm
added 2018/06/17 5:3 a.m.23 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational Automation Framework (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

4.3CVSS0.6AI score0.9986EPSS
Exploits1Affected Software1
ibm
ibm
added 2018/06/16 9:25 p.m.77 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...

4.3CVSS1.2AI score0.9986EPSS
Exploits1Affected Software1
ibm
ibm
added 2018/06/16 1:33 p.m.29 views

Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Statistics (CVE-2015-4000)

Summary TLS connections using Diffie-Hellman DH key exchange protocol, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Statistics. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused...

4.3CVSS1.1AI score0.9986EPSS
Exploits1Affected Software1
ibm
ibm
added 2018/06/15 7:4 a.m.25 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack o...

10CVSS0.6AI score0.9986EPSS
Exploits1Affected Software1
nvd
nvd
added 2016/02/15 2:59 a.m.34 views

CVE-2016-0701

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

3.7CVSS5.3AI score0.83645EPSS
Exploits1References24
prion
prion
added 2016/02/15 2:59 a.m.41 views

Design/Logic Flaw

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

2.6CVSS7AI score0.83645EPSS
Exploits1References24Affected Software1
debiancve
debiancve
added 2016/02/15 12:0 a.m.46 views

CVE-2016-0701

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

3.7CVSS6AI score0.83645EPSS
Exploits1
openvas
openvas
added 2015/09/08 12:0 a.m.38 views

Amazon Linux: Security Advisory (ALAS-2015-569)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.6AI score0.9986EPSS
Exploits1References2
openvas
openvas
added 2015/08/10 12:0 a.m.39 views

CentOS Update for java CESA-2015:1526 centos7

Check the version of java SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882237";...

10CVSS5.5AI score0.9986EPSS
Exploits1References4
openvas
openvas
added 2015/08/03 12:0 a.m.41 views

RedHat Update for java-1.6.0-openjdk RHSA-2015:1526-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.4AI score0.9986EPSS
Exploits1References4
openvas
openvas
added 2015/07/31 12:0 a.m.33 views

Debian: Security Advisory (DSA-3325-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.3AI score0.73327EPSS
Exploits0References3
centos
centos
added 2015/07/30 11:24 p.m.94 views

java security update

CentOS Errata and Security Advisory CESA-2015:1526 Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring...

10CVSS6AI score0.9986EPSS
Exploits1References7
Rows per page
Query Builder