Lucene search
+L

139 matches found

Into the symmetry
Into the symmetry
added 2016/01/29 5:19 a.m.268 views

OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...

2.6CVSS5.8AI score0.83645EPSS
Exploits1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.57 views

Use-after-free in NSS during SSL connections in low memory — Mozilla

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability...

7.5CVSS1.5AI score0.02386EPSS
Exploits0References2Affected Software3
FreeBSD
FreeBSD
added 2016/01/26 12:0 a.m.30 views

NSS -- multiple vulnerabilities

Mozilla Foundation reports: Security researcher Hanno Böck reported that calculations with mpdiv and mpexptmod in Network Security Services NSS can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to...

0.5AI score
Exploits0References4
ArchLinux
ArchLinux
added 2015/12/05 12:0 a.m.71 views

openssl lib32-openssl: multiple issues

CVE-2015-3193 insecure private key in connection with DHE There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not...

5CVSS0.8AI score0.44016EPSS
Exploits1References6
OpenSSL
OpenSSL
added 2015/12/03 12:0 a.m.54 views

Vulnerability in OpenSSL - BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...

6.6AI score0.25137EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2015/11/24 12:0 a.m.31 views

OpenSSL Multiple Vulnerabilities (20150319 - 2) - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS6.8AI score0.33482EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2015/11/24 12:0 a.m.28 views

OpenSSL Multiple Vulnerabilities (20150319 - 2) - Linux

OpenSSL is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS6.8AI score0.33482EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2015/08/25 12:0 a.m.8 views

The vulnerability of the OpenSSL library, which allows attackers to carry out attacks aimed at reducing the security of encryption algorithms

The vulnerability of the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor, operating remotely and having access to the data transmission channel, to carry out attacks aimed at reducing the resilience of encryption...

4.3CVSS5.8AI score0.9986EPSS
Exploits1References17Affected Software2
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.129 views

ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2015-081 CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 Severity...

7.5CVSS1AI score0.98685EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2015/08/03 12:0 a.m.39 views

Debian DSA-3324-1 : icedove - security update (Logjam)

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability...

10CVSS7.5AI score0.9986EPSS
Exploits2References13
Debian
Debian
added 2015/08/01 5:9 p.m.47 views

[SECURITY] [DSA 3324-1] icedove security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3324-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 01, 2015 https://www.debian.org/security/faq -...

10CVSS6.5AI score0.9986EPSS
Exploits2
OSV
OSV
added 2015/08/01 12:0 a.m.20 views

DSA-3324-1 icedove - security update

Bulletin has no description...

10CVSS6.2AI score0.9986EPSS
Exploits2
OpenVAS
OpenVAS
added 2015/07/31 12:0 a.m.46 views

Debian: Security Advisory (DSA-3324-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS5.5AI score0.9986EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2015/07/21 12:0 a.m.51 views

Ubuntu: Security Advisory (USN-2673-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS5.5AI score0.9986EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2015/07/16 12:0 a.m.40 views

Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to...

10CVSS7.7AI score0.9986EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2015/07/16 12:0 a.m.47 views

FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)

The Mozilla Project reports : MFSA 2015-59 Miscellaneous memory safety hazards rv:39.0 / rv:31.8 / rv:38.1 MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs MFSA 2015-61 Type confusion in Indexed Database Manager MFSA 2015-62 Out-of-bound read while computing an...

10CVSS7.2AI score0.9986EPSS
Exploits2References36
OSV
OSV
added 2015/07/15 6:13 p.m.9 views

SUSE-SU-2015:1268-1 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2728: Type confusion in Index...

10CVSS7.2AI score0.9986EPSS
Exploits2References21
Tenable Nessus
Tenable Nessus
added 2015/07/06 12:0 a.m.55 views

Debian DSA-3300-1 : iceweasel - security update (Logjam)

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability i...

10CVSS7.6AI score0.9986EPSS
Exploits1References15
OSV
OSV
added 2015/07/04 12:0 a.m.51 views

DSA-3300-1 iceweasel - security update

Bulletin has no description...

10CVSS5.7AI score0.9986EPSS
Exploits2
OpenVAS
OpenVAS
added 2015/07/04 12:0 a.m.47 views

Debian Security Advisory DSA 3300-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3300.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3300-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

10CVSS0.5AI score0.9986EPSS
Exploits1References1
Rows per page
Query Builder