Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM i2 Intelligence Analysis Platform (CVE-2015-4000)
Summary: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) may affect some configurations of the IBM WebSphere Application Server used with the IBM i2 Intelligence Analysis Platform. The IBM HTTP Server used by IBM i2 Intelligence Analysis Platform is not affected. Vulnerability Details...
CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...
Mageia: Security Advisory (MGASA-2020-0469)
The remote host is missing an update for the...
OpenSSL -- BN_mod_exp incorrect results on MIPS
The OpenSSL project reports: BN_mod_exp may produce incorrect results on MIPS (Moderate). There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the...
Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)
The remote SSH server supports Diffie-Hellman ephemeral (DHE) Key Exchange (KEX) algorithms and thus could be prone to a denial of service (DoS) vulnerability...
Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
The remote SSL/TLS server supports Diffie-Hellman ephemeral (DHE) Key Exchange algorithms and thus could be prone to a denial of service (DoS) vulnerability...
Oracle Database Protection Mechanism Bypass
Advisory ID: SYSS-2021-061; Product: Database; Manufacturer: Oracle; Affected Versions: 12.1.0.2, 12.2.0.1, 19c; Tested Versions: 18c; Vulnerability Type: Protection Mechanism Failure (CWE-693); Risk Level: High; Solution Status: Fixed; Manufacturer Notification: 2021-03-17; Solution Date: 2021-08-07; Public...
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...
Diffie-Hellman Key Agreement Protocol Resource Management Error Vulnerability
The Diffie-Hellman Key Agreement Protocol is a key negotiation protocol. It was originally described in Diffie and Hellman's seminal paper on public key cryptography. The key negotiation protocol allows Alice and Bob to exchange public key values and securely compute a shared key K based on...
PT-2021-8284 · Unknown · Diffie-Hellman Key Agreement Protocol
Name of the Vulnerable Software and Affected Versions: Diffie-Hellman Key Agreement Protocol (affected versions not specified). Description: The Diffie-Hellman Key Agreement Protocol allows remote attackers to send arbitrary numbers that are not public keys, triggering expensive server-side DHE...
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...
CVE-2002-20001
CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects the IBM Installation Manager and IBM Packaging Utility (CVE-2015-4000)
Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects the IBM Installation Manager and IBM Packaging Utility. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information,...
Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control
CVE-2019-3980 CVE-2019-3980 exploit written in win32/c++ open...
Security Bulletin: Vulnerabilities in libssh2 affect Power Hardware Management Console (CVE-2016-0787)
Summary: libssh2 is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-0787. DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the...
Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
The remote SSH server is configured to allow / support weak key exchange (KEX) algorithms...
scalarmult() vulnerable to degenerate public keys
The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...
ARM mbed TLS denial of service vulnerability
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS suffers from a denial of service vulnerability that stems from an unrestricted calculation performed by mbedtls_mpi_exp_mod. An attacker could exploit this vulnerability to provide...
CVE-2020-36475
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...
DEBIAN-CVE-2020-36475
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...