Lucene search
+L

139 matches found

UbuntuCve
UbuntuCve
added 2017/05/04 7:29 p.m.50 views

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

7.5CVSS7.1AI score0.55294EPSS
Exploits5References2
Cvelist
Cvelist
added 2017/05/04 7:0 p.m.25 views

CVE-2017-3730 Bad (EC)DHE parameters cause a client crash

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

7.3AI score0.55294EPSS
Exploits5References10
CVE
CVE
added 2017/05/04 7:0 p.m.125 views

CVE-2017-3730

OpenSSL 1.1.0 before 1.1.0d is affected. A malicious server may supply bad DHE/ECDHE parameters causing the client to dereference a NULL pointer, resulting in a client crash and a Denial of Service. This is the explicit root cause described in multiple sources. Remediation is to upgrade to OpenSS...

7.5CVSS7.3AI score0.55294EPSS
Exploits5References10Affected Software1
Broadcom
Broadcom
added 2017/05/02 12:0 a.m.19 views

BSA-2017-258

Security Advisory ID : BSA-2017-258 Component : ECDHE Parameters Revision : 1.0: Interim If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointerleading to a client crash. This could be exploited in a...

7.5CVSS8.8AI score0.55294EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.45 views

EulerOS 2.0 SP1 : nss, nspr, nss-softokn, nss-util (EulerOS-SA-2016-1017)

According to the versions of the nss, nspr, nss-softokn, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE Diffie-Hellman key exchange and ECDHE Elliptic Curve...

8.8CVSS8.5AI score0.02386EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/04/24 9:56 a.m.34 views

Weblate: Web server is vulnerable to Beast Attack

Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites ORDER IS NOT SIGNIFICANT: TLSv1.0 RSAWITHAES128CBCSHA DHERSAWITHAES128CBCSHA RSAWITHAES256CBCSHA DHERSAWITHAES256CBCSHA TLSv1.1: idem TLSv1.2 RSAWITHAES128CBCSHA DHERSAWITHAES128CBCSHA RSAWITHAES256CBCSHA...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2017/02/28 12:0 a.m.5 views

OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference (CVE-2017-3730)

A NULL pointer dereference vulnerability exists in OpenSSL. This vulnerability is due to the way crafted DHE and ECDHE parameters are handled by an OpenSSL client application during TLS handshake. A remote attacker could exploit this vulnerability in an OpenSSL client application, by sending...

5CVSS2.6AI score0.55294EPSS
Exploits5
OpenVAS
OpenVAS
added 2017/02/09 12:0 a.m.36 views

OpenSSL Bad (EC)DHE Parameters DoS Vulnerability - Linux

OpenSSL is prone to a Denial of Service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

7.5CVSS7.5AI score0.55294EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2017/02/09 12:0 a.m.39 views

OpenSSL Bad (EC)DHE Parameters DoS Vulnerability - Windows

OpenSSL is prone to a Denial of Service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

7.5CVSS7.5AI score0.55294EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2017/01/30 12:0 a.m.100 views

OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0d advisory. - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d...

7.5CVSS7.2AI score0.57595EPSS
Exploits6References10
RedhatCVE
RedhatCVE
added 2017/01/26 3:47 p.m.30 views

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

7.5CVSS3.7AI score0.55294EPSS
Exploits5References2
Hacker One
Hacker One
added 2017/01/26 2:10 p.m.42 views

Internet Bug Bounty: CVE-2017-3730: Bad (EC)DHE parameters cause a client crash

https://www.openssl.org/news/secadv/20170126.txt https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/...

5CVSS7.6AI score0.55294EPSS
Exploits5
OpenSSL
OpenSSL
added 2017/01/26 12:0 a.m.82 views

Vulnerability in OpenSSL - BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...

6.7AI score0.25137EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2017/01/26 12:0 a.m.44 views

Vulnerability in OpenSSL - Bad (EC)DHE parameters cause a client crash

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. Found by Guido Vranken...

7.3AI score0.55294EPSS
Exploits5Affected Software1
OpenVAS
OpenVAS
added 2016/10/26 12:0 a.m.28 views

Amazon Linux: Security Advisory (ALAS-2016-702)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.3AI score0.02386EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/09/28 12:0 a.m.81 views

SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2396-1) (POODLE)

This update provides apache2-modnss 1.0.14, which brings several fixes and enhancements : - Fix OpenSSL ciphers stopped parsing at +. CVE-2016-3099 - Created valgrind suppression files to ease debugging. - Implement SSLPPTYPEFILTER to call executables to get the key password pins. - Improvements ...

9.8CVSS6.5AI score0.99999EPSS
Exploits7References12
OPENSUSE Linux
OPENSUSE Linux
added 2016/09/26 6:10 p.m.44 views

Security update for MozillaFirefox, mozilla-nss (important)

MozillaFirefox was updated to version 49.0 boo999701 - New features Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. Added features to Reader Mode that make it easier on the eyes and the ears Improved video performance for users on systems that support SSE3 without...

7.5CVSS0.05037EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/09/19 12:0 a.m.249 views

SUSE SLES11 Security Update : apache2-mod_nss (SUSE-SU-2016:2329-1) (POODLE)

This update provides apache2-modnss 1.0.14, which brings several fixes and enhancements : - SHA256 cipher names change spelling from sha256 to sha256. - Drop modnssmigrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. ...

4.3CVSS6.5AI score0.99999EPSS
Exploits7References7
Amazon
Amazon
added 2016/05/18 12:0 a.m.48 views

Medium: nspr, nss-util, nss, nss-softokn

Issue Overview: A use-after-free flaw was found in the way NSS handled DHE DiffieHellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS,...

8.8CVSS9.3AI score0.02386EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/04/27 12:0 a.m.37 views

Oracle Linux 7 : nss, / nspr, / nss-softokn, / and / nss-util (ELSA-2016-0685)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0685 advisory. - Pick up upstream freebl patch for CVE-2015-2730 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

8.8CVSS7.4AI score0.03594EPSS
Exploits0References3
Rows per page
Query Builder