138 matches found
EUVD-2020-4725
Malware in sbrugna...
EUVD-2023-35451
Malicious code in bioql PyPI...
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...
Linux Distros Unpatched Vulnerability : CVE-2020-12413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE...
SUSE: Security Advisory (SUSE-SU-2024:3525-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:3525-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3525-1 advisory. - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used,...
SUSE-SU-2024:3525-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:3500-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3500-1 advisory. - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,...
SUSE-SU-2024:3500-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698...
CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...
CVE-2024-41996
CVE-2024-41996 is cited in the Ubuntu USN/NASL doc as a vulnerability where validating the order of public keys in Diffie-Hellman with an approved safe prime can cause a client to trigger expensive server-side DHE exponentiations, leading to asymmetric resource consumption. The connected document...
SUSE-SU-2023:2470-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - Update to version 3.0.8 bsc1207541. - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents in Diffie-Hellman Key Agreement Protocol bsc1205476. - CVE-2023-1255: Fixed input buffer...
Siemens SCALANCE W1750D Uncontrolled Resource Consumption (CVE-2002-20001)
The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular- exponentiation calculations, aka a DHEater attack. The client needs very little CPU resources and...
CVE-2023-31127
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
Authentication flaw
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
CVE-2023-31127 DMTF-2023-0001: SPDM mutual authentication bypass
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
CVE-2023-31127 DMTF-2023-0001: SPDM mutual authentication bypass
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
K95434410: TMM vulnerability CVE-2019-6629
Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...
K15551553: OpenSSL vulnerability CVE-2017-3730
Security Advisory Description In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
K91158923: BIG-IP SSL/TLS ADH/DHE vulnerability CVE-2020-5929
Security Advisory Description BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a virtual server configured with a Client SSL profile, and using Anonymous Diffie-Hellman ADH or Ephemeral Diffie-Hellman DHE key exchange and Single DH use option not enabled in the options list ma...