1321 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be us...

CVSS 4.3 | AI score 6.2 | EPSS 0.02284
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/15 3:36 p.m. | 10 views

CVE-2025-52585

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVSS 8.7 | AI score 7.1 | EPSS 0.00312
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/14 12:0 a.m. | 5 views

F5 Networks BIG-IP : BIG-IP Client SSL profile vulnerability (K000141436)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6 / 17.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K000141436 advisory. When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled a...

CVSS 8.7 | AI score 5.6 | EPSS 0.00312
Exploits: 0 | References: 2

OSV
added 2025/08/13 3:15 p.m. | 5 views

CVE-2025-52585

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVSS 8.7 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 1

NVD
added 2025/08/13 3:15 p.m. | 6 views

CVE-2025-52585

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVSS 8.7 | EPSS 0.00312
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/13 2:46 p.m. | 3 views

CVE-2025-52585 BIG-IP Client SSL profile vulnerability

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical...

CVSS 8.7 | AI score 7 | EPSS 0.00312
Exploits: 0 | References: 1

F5 Networks
added 2025/08/13 1:8 p.m. | 10 views

K000141436: BIG-IP Client SSL profile vulnerability CVE-2025-52585

Security Advisory Description: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2025-52585) Impact: Traffic i...

CVSS 8.7 | AI score 6.9 | EPSS 0.00312
Exploits: 0 | Affected Software: 12

Positive Technologies
added 2025/08/13 12:0 a.m. | 5 views

PT-2025-33003 · F5 · F5 Big-Ip Ltm

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP LTM (affected versions not specified). Description: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause...

CVSS 8.7 | AI score 6 | EPSS 0.00312
Exploits: 0 | References: 5

Tenable Nessus
added 2025/08/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-36424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key for RSA or static Diffie-Hellman via a side-channel attack against...

CVSS 4.7 | AI score 5.5 | EPSS 0.00342
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/08 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtls_mpi_exp_mod are not limited;...

CVSS 7.5 | AI score 7.2 | EPSS 0.01842
Exploits: 0 | References: 2

OSV
added 2025/08/06 9:15 a.m. | 8 views

CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

CVSS 3.7 | AI score 6.2 | EPSS 0.00452
Exploits: 0 | References: 7

OSV
added 2025/08/06 9:15 a.m. | 2 views

DEBIAN-CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

CVSS 3.7 | AI score 8.1 | EPSS 0.00452
Exploits: 0 | References: 1

OSV
added 2025/08/06 9:15 a.m. | 3 views

UBUNTU-CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

CVSS 3.7 | AI score 7.2 | EPSS 0.00452
Exploits: 0 | References: 7

RedhatCVE
added 2025/08/06 8:48 a.m. | 5 views

CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. Mitigation: Mitigation for this issue is either not availabl...

CVSS 3.7 | AI score 6.3 | EPSS 0.00452
Exploits: 0 | References: 6

OSV
added 2025/07/11 12:24 p.m. | 2 views

OESA-2025-1802 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications th...

CVSS 5.3 | AI score 6.9 | EPSS 0.04459
Exploits: 0 | References: 2

OSV
added 2025/07/04 2:44 p.m. | 4 views

OESA-2025-1747 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications th...

CVSS 5.3 | AI score 6.9 | EPSS 0.04459
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m. | 8 views

TencentOS Server 4: openssl (TSSA-2024:0532)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0532 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 7.5 | AI score 6.7 | EPSS 0.66594
Exploits: 0 | References: 3

Veracode
added 2025/06/12 3:10 a.m. | 4 views

Low-order Point Validation Failure

github.com/cloudflare/circl is vulnerable to low-order point validation failure. The vulnerability is due to the failure to validate user-supplied low-order points during the Diffie-Hellman key exchange, which can allow attackers to force the identity point and compromise session security...

CVSS 3.7 | AI score 7.1 | EPSS 0.00452
Exploits: 0 | References: 9 | Affected Software: 1

Snyk
added 2025/06/10 9:18 p.m. | 1 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to the improper validation of user-supplied low-order points during the Diffie-Hellman key exchange process. An attacker can compromise session security by forcing the identity point. Additionally, incorrec...

CVSS 6.9 | AI score 6.8 | EPSS 0.00452
Exploits: 0 | References: 3

Github Security Blog
added 2025/06/10 9:18 p.m. | 18 views

CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

Impact: The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, an incorrect point validation in ScalarMult can lead to...

CVSS 3.7 | AI score 7.1 | EPSS 0.00452
Exploits: 0 | References: 8 | Affected Software: 1