Lucene search
K

1332 matches found

OSV
OSV
added 2023/07/19 12:15 p.m.6 views

AZL-47646 CVE-2023-3446 affecting package hvloader for versions less than 1.0.1-6

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS6.5AI score0.05533EPSS
Exploits0References1
OSV
OSV
added 2023/07/19 12:15 p.m.3 views

ALPINE-CVE-2023-3446

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS7AI score0.05533EPSS
Exploits0References1
OSV
OSV
added 2023/07/19 12:15 p.m.3 views

UBUNTU-CVE-2023-3446

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS6.6AI score0.05533EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.4 views

OpenSSL 安全漏洞

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.3CVSS6.4AI score0.05533EPSS
Exploits0References22
Amazon
Amazon
added 2023/07/19 12:0 a.m.3 views

Important: nodejs

Issue Overview: The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please no...

7.5CVSS7.3AI score0.03906EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.6 views

PT-2023-4551

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 41.0.3 Description The issue is related to the functions DH check, DH check ex, and EVP PKEY param check in the OpenSSL library. These functions can cause long delays when checking excessively long DH keys or...

10CVSS8.2AI score0.95764EPSS
Exploits11References451
SUSE CVE
SUSE CVE
added 2023/06/22 2:38 a.m.3 views

SUSE CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

5.3CVSS8.2AI score0.01462EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.5 views

PT-2023-4527 · Node.Js +10 · Node.Js +10

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the...

9.8CVSS6.5AI score0.87211EPSS
Exploits5References195
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.42 views

openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:2470-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2470-1 advisory. - Update to version 3.0.8 bsc1207541. - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents ...

7.5CVSS6.9AI score0.73461EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.56 views

Siemens SCALANCE W1750D Uncontrolled Resource Consumption (CVE-2002-20001)

The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular- exponentiation calculations, aka a DHEater attack. The client needs very little CPU resources and...

7.5CVSS6.8AI score0.23061EPSS
Exploits1References12
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.4 views

libspdm 授权问题漏洞

libspdm is a DMTF open source example implementation that follows the DMTF SPDM specification. A security vulnerability exists in libspdm versions prior to 2.3.1, which stems from the fact that if a device supports both DHE session and PSK session authentication, an attacker may be able to...

9CVSS7.8AI score0.00943EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.36 views

Security Bulletin: Vulnerabilities in OpenSSL, including Logjam, affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM Flex System FC43171 8Gb SAN Switchand SAN Pass-thru firmware, QLogic 8Gb...

7.5CVSS6.7AI score0.9986EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.48 views

Security Bulletin: Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Integrated Management Module II IMM2. Vulnerability Details Summary OpenSSL...

8.5CVSS9.2AI score0.9986EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.35 views

Security Bulletin: IBM Integrated Management Module (IMM) is affected by multiple vulnerabilities in OpenSSL including Logjam

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM BladeCenter Integrated Management Module IMM for System x and BladeCenter...

7.5CVSS7.8AI score0.9986EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.18 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM SAN Volume Controller and Storwize Family (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM SAN Volume Controller and Storwize Family Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by th...

4.3CVSS4AI score0.9986EPSS
Exploits1Affected Software5
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.10 views

Linux: BSI TR-02102-4 3.3 Key Exchange Methods

When establishing the SSH connection, keys are exchanged in order to create and exchange shared session keys for authentication and encryption. The following key exchange methods are recommended: diffie-hellman-group-exchange-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512,...

5.9AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/26 1:4 a.m.53 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS2900 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects TS2900. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPO...

4.3CVSS3.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/25 12:48 a.m.50 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects TS3100/TS3200. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...

4.3CVSS3.8AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/25 12:44 a.m.49 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000)

...

4.3CVSS3.2AI score0.9986EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2023/03/17 2:42 p.m.18 views

russh may use insecure Diffie-Hellman keys

Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

5.9CVSS6AI score0.00617EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder