Lucene search
+L

139 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:15 p.m.153 views

K16674: TLS vulnerability CVE-2015-4000

Security Advisory Description The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE...

4.3CVSS6.8AI score0.9986EPSS
Exploits1Affected Software16
NVD
NVD
added 2023/02/16 10:15 p.m.33 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS5.7AI score0.00594EPSS
Exploits0References2
OSV
OSV
added 2023/02/16 10:15 p.m.10 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.6AI score0.00594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/16 10:15 p.m.44 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.7AI score0.00594EPSS
Exploits0References2
Prion
Prion
added 2023/02/16 10:15 p.m.23 views

Design/Logic Flaw

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

2.6CVSS5.7AI score0.00594EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/02/16 12:0 a.m.11 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

6.7AI score0.00594EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/16 12:0 a.m.33 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9AI score0.00594EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/02/16 12:0 a.m.69 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.1AI score0.00594EPSS
Exploits0
CVE
CVE
added 2023/02/16 12:0 a.m.106 views

CVE-2020-12413

The CVE-2020-12413 case covers a timing attack on DHE ciphersuites in TLS (the Raccoon attack). Affected component is the DHE-based TLS handshake; underlying impact is a potential loss of confidentiality if DHE ciphersuites are used. Mitigation observed in sources: Firefox disabled support for DH...

5.9CVSS5.5AI score0.00594EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2002-20001

The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...

7.5CVSS7AI score0.23061EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.3 views

SUSE CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

7.5CVSS8.6AI score0.03036EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.5 views

SUSE CVE-2016-1978

Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL 1 DHE or 2 ECD...

7.3CVSS9.3AI score0.02386EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2023/01/24 5:16 p.m.172 views

K83120834: Diffie-Hellman key agreement protocol weaknesses CVE-2002-20001 & CVE-2022-40735

Security Advisory Description The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEater attack. The client needs very...

7.5CVSS7.2AI score0.23061EPSS
Exploits1Affected Software18
Tenable Nessus
Tenable Nessus
added 2022/05/19 12:0 a.m.68 views

F5 Networks BIG-IP : Diffie-Hellman key agreement protocol weaknesses (K83120834)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K83120834 advisory. The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary...

7.5CVSS7.1AI score0.23061EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/12/16 12:0 a.m.53 views

Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

The remote SSL/TLS server is supporting Diffie-Hellman ephemeral DHE Key Exchange algorithms and thus could be prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5CVSS6.7AI score0.23061EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2021/11/18 12:0 a.m.104 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.0 / 9.0.x < 9.0.0 / 9.1.x < 9.1.0 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.0 or 9.0.x prior to 9.0.0 or 9.1.x prior to 9.1.0. It is, therefore, affected by a vulnerability. - In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for us...

4.3CVSS6.4AI score0.04803EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/11/11 12:0 a.m.209 views

CVE-2002-20001

The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...

7.5AI score0.23061EPSS
Exploits1References13
CVE
CVE
added 2021/11/11 12:0 a.m.412 views

CVE-2002-20001

CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...

7.5CVSS7.3AI score0.23061EPSS
Exploits1References13Affected Software1
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.17 views

Mozilla Firefox Security Advisory (MFSA2015-70) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.3CVSS5.3AI score0.9986EPSS
Exploits1References4
Palo Alto Networks
Palo Alto Networks
added 2021/10/13 4:0 p.m.81 views

PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968

In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for use in traffic decryption improperly shares a cryptographic secret across multiple TLS connections, which weakens its cryptographic strength. This is a prerequisite for successful exploitation...

3.7CVSS2.4AI score0.04803EPSS
Exploits0References2
Rows per page
Query Builder