Lucene search
K

76 matches found

UbuntuCve
UbuntuCve
added 2018/08/07 12:0 a.m.35 views

CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...

8CVSS7.1AI score0.00802EPSS
Exploits1References8
CERT
CERT
added 2018/07/23 12:0 a.m.585 views

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Overview Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Description CWE-325: Missi...

8CVSS6.3AI score0.00802EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:32 p.m.34 views

Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, and Logjam affect WebSphere Application Server shipped with SmartCloud Provisioning

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by WebSphere Application Server shipped with IBM SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam...

5.5CVSS0.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:3 p.m.28 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Tivoli Composite Application Manager for Transactions. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information,...

4.3CVSS1.2AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.25 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...

4.3CVSS0.1AI score0.9986EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/02/12 12:0 a.m.38 views

ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the modtls module, which might cause a weaker than intended...

7.5CVSS7.2AI score0.06979EPSS
Exploits0References2
n0where
n0where
added 2017/09/19 6:33 a.m.19 views

Encrypted Exploit Delivery For The Masses: Ironsquirrel

This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Ellyptic-curve Diffie-Hellman secp256k1 is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack can not be...

7.2AI score
Exploits0References2
OSV
OSV
added 2017/05/09 8:29 p.m.4 views

DEBIAN-CVE-2017-8855

wolfSSL before 3.11.0 does not prevent wcDhAgree from accepting a malformed DH key...

7.5CVSS7.5AI score0.01118EPSS
Exploits0References1
n0where
n0where
added 2017/02/16 6:48 a.m.25 views

Simple OpenVPN Raspberry Pi Installer: piVPN

Simple OpenVPN Raspberry Pi Installer This is a set of shell scripts that serve to easily turn your Raspberry Pi TM into a VPN server using the free, open-source OpenVPN software. The master branch of this script installs and configures OpenVPN on Raspbian Jessie and has been tested on Ubuntu 14....

7.3AI score
Exploits0References2
OSV
OSV
added 2016/06/17 2:57 p.m.11 views

SUSE-SU-2016:1618-1 Security update for mysql

This update for mysql fixes the following issues: - bsc959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length to 2048 bits used in vio/viosslfactories.c for...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References4
OSV
OSV
added 2016/04/05 8:59 p.m.8 views

CVE-2016-3125

The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

7.5CVSS7.6AI score
Exploits0References10
The Hacker News
The Hacker News
added 2016/03/02 6:38 a.m.19 views

Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize

And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman. The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Pri...

6.7AI score
Exploits0
OSV
OSV
added 2016/02/15 2:59 a.m.9 views

CVE-2016-0701

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

3.7CVSS5.9AI score
Exploits0References24
Ubuntu
Ubuntu
added 2015/07/30 7:36 a.m.9 views

2696-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732,...

10CVSS5.6AI score0.9986EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2015/07/01 8:46 p.m.11 views

Apple Releases dozens of Security Updates to Fix OS X and iOS Flaws

Apple has released updates to patch dozens of security vulnerabilities in iOS and OS X Yosemite operating system. The updates include iOS 8.4 version of the mobile operating system, OS X Yosemite 10.10.4 and Security Update 2015-005. iOS 8.4 Update The iOS 8.4 update includes patches for over 20...

8.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/06/30 12:0 a.m.52 views

RHEL 5 : openssl (RHSA-2015:1197) (Logjam)

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available fo...

7.5CVSS7.2AI score0.9986EPSS
Exploits1References8
Cent OS
Cent OS
added 2015/06/25 10:23 a.m.81 views

nss security update

CentOS Errata and Security Advisory CESA-2015:1185 Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact...

4.3CVSS6.1AI score0.9986EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2015/03/06 12:0 a.m.46 views

PuTTY < 0.64 Multiple Information Disclosure Vulnerabilities

The remote host has a version of PuTTY installed that is prior to 0.64. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to clear SSH-2 private key information from the memory during the saving or loading of key files to...

2.1CVSS5.9AI score0.00585EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/10/12 12:0 a.m.42 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)

It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216 , CVE-2014-4219 A format string flaw was discovered in the Hotsp...

9.3CVSS7.1AI score0.06118EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2014/09/29 12:0 a.m.52 views

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916)

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. CVE-2013-1740 A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker coul...

10CVSS7.9AI score0.06381EPSS
Exploits5References6
Rows per page
Query Builder