76 matches found
CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
Overview Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Description CWE-325: Missi...
Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, and Logjam affect WebSphere Application Server shipped with SmartCloud Provisioning
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by WebSphere Application Server shipped with IBM SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Tivoli Composite Application Manager for Transactions. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows-based deployments. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...
ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key
The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the modtls module, which might cause a weaker than intended...
Encrypted Exploit Delivery For The Masses: Ironsquirrel
This project aims at delivering browser exploits to the victim browser in an encrypted fashion. Ellyptic-curve Diffie-Hellman secp256k1 is used for key agreement and AES is used for encryption. By delivering the exploit code and shellcode to the victim in an encrypted way, the attack can not be...
DEBIAN-CVE-2017-8855
wolfSSL before 3.11.0 does not prevent wcDhAgree from accepting a malformed DH key...
Simple OpenVPN Raspberry Pi Installer: piVPN
Simple OpenVPN Raspberry Pi Installer This is a set of shell scripts that serve to easily turn your Raspberry Pi TM into a VPN server using the free, open-source OpenVPN software. The master branch of this script installs and configures OpenVPN on Raspbian Jessie and has been tested on Ubuntu 14....
SUSE-SU-2016:1618-1 Security update for mysql
This update for mysql fixes the following issues: - bsc959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length to 2048 bits used in vio/viosslfactories.c for...
CVE-2016-3125
The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize
And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman. The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Pri...
CVE-2016-0701
The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...
2696-1: OpenJDK 7 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732,...
Apple Releases dozens of Security Updates to Fix OS X and iOS Flaws
Apple has released updates to patch dozens of security vulnerabilities in iOS and OS X Yosemite operating system. The updates include iOS 8.4 version of the mobile operating system, OS X Yosemite 10.10.4 and Security Update 2015-005. iOS 8.4 Update The iOS 8.4 update includes patches for over 20...
RHEL 5 : openssl (RHSA-2015:1197) (Logjam)
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available fo...
nss security update
CentOS Errata and Security Advisory CESA-2015:1185 Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact...
PuTTY < 0.64 Multiple Information Disclosure Vulnerabilities
The remote host has a version of PuTTY installed that is prior to 0.64. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to clear SSH-2 private key information from the memory during the saving or loading of key files to...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)
It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216 , CVE-2014-4219 A format string flaw was discovered in the Hotsp...
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916)
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. CVE-2013-1740 A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker coul...