1321 matches found

UbuntuCve
added 2018/06/04 12:00 a.m., 37 views

CVE-2016-1000346

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...

CVSS 4.3, AI score 6.7, EPSS 0.02284
Exploits 0, References 2
OSV
added 2018/06/04 12:00 a.m., 1 view

UBUNTU-CVE-2016-1000346

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...

CVSS 3.7, AI score 6.7, EPSS 0.02284
Exploits 0, References 3
RedHat Linux
added 2018/04/10 11:21 a.m., 3 views

openssl: bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

CVSS 6.5, AI score 6.8, EPSS 0.10133
Exploits 0, References 5
RedHat Linux
added 2018/04/10 11:21 a.m., 4 views

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

CVSS 5.9, AI score 6.8, EPSS 0.13411
Exploits 0, References 5
Tenable Nessus
added 2018/02/12 12:00 a.m., 38 views

ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the mod_tls module, which might cause a weaker than intended...

CVSS 7.5, AI score 7.2, EPSS 0.06979
Exploits 0, References 2
OSV
added 2018/02/07 11:29 p.m., 2 views

DEBIAN-CVE-2018-6829

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional...

CVSS 7.5, AI score 7.3, EPSS 0.01811
Exploits 1, References 1
RedhatCVE
added 2018/02/06 5:19 a.m., 56 views

CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

CVSS 7.5, AI score 4, EPSS 0.0211
Exploits 1, References 2
Veracode
added 2018/02/06 3:17 a.m., 13 views

Weak ElGamal Cryptography

Pycryptodome uses weak ElGamal cryptography. Due to an incorrect implementation of ElGamal, the Decisional Diffie-Hellman (DDH) assumption doesn't hold because of the way the key parameters are generated. This allows attackers who have access to the cipher-text to decrypt the messages and potentiall...

AI score 6.8
Exploits 0
Veracode
added 2018/02/06 12:58 a.m., 24 views

Weak ElGamal Parameters

PyCrypto uses weak ElGamal cryptography. Due to an incorrect implementation of ElGamal, the Decisional Diffie-Hellman (DDH) assumption doesn't hold because of the way the key parameters are generated. This allows attackers who have access to the cipher-text to decrypt the messages and potentially...

CVSS 7.5, AI score 7.5, EPSS 0.0211
Exploits 1, References 9, Affected Software 2
PyPA
added 2018/02/03 3:29 p.m., 6 views

PYSEC-2018-97

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

CVSS 7.5, AI score 6.5, EPSS 0.0211
Exploits 1, References 7, Affected Software 1
Prion
added 2018/02/03 3:29 p.m., 17 views

Information disclosure

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

CVSS 5, AI score 7.1, EPSS 0.0211
Exploits 1, References 6, Affected Software 3
OSV
added 2018/02/03 3:29 p.m., 2 views

DEBIAN-CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

CVSS 7.5, AI score 7.6, EPSS 0.0211
Exploits 1, References 1
UbuntuCve
added 2018/02/03 12:00 a.m., 25 views

CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

CVSS 7.5, AI score 7.1, EPSS 0.0211
Exploits 1, References 4
OSV
added 2018/02/03 12:00 a.m., 5 views

UBUNTU-CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

CVSS 7.5, AI score 7.2, EPSS 0.0211
Exploits 1, References 5
Tenable Nessus
added 2018/01/29 12:00 a.m., 1812 views

Weak DH Key Exchange Supported (PCI DSS)

At least one of the services on the remote host supports a Diffie-Hellman key exchange using a public modulus smaller than 2048 bits. Diffie-Hellman key exchanges with keys smaller than 2048 bits do not meet the PCI definition of strong cryptography as specified by NIST Special Publication 800-57...

CVSS 4.3, AI score 7.2, EPSS 0.9986
Exploits 1, References 2
Symantec
added 2018/01/16 8:00 a.m., 55 views

SA159: OpenSSL Vulnerabilities 7-Dec-2017

SUMMARY: Symantec Network Protection products using affected versions of OpenSSL are susceptible to two security vulnerabilities. A remote attacker can obtain Diffie-Hellman private key information and sensitive information accidentally transmitted in plaintext over an SSL/TLS connection. AFFECTED...

CVSS 4.3, AI score 0.5, EPSS 0.78675
Exploits 1, Affected Software 9
Prion
added 2017/12/13 4:29 p.m., 17 views

Information disclosure

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS...

CVSS 4.3, AI score 5.5, EPSS 0.01571
Exploits 0, References 3, Affected Software 2
OSV
added 2017/12/13 4:29 p.m., 6 views

CVE-2017-17549

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS...

CVSS 5.9, AI score 5.8, EPSS 0.01571
Exploits 0, References 3
Cvelist
added 2017/12/13 4:00 p.m., 32 views

CVE-2017-17549

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS...

AI score 5.6, EPSS 0.01571
Exploits 0, References 3
OSV
added 2017/12/07 4:29 p.m., 2 views

DEBIAN-CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

CVSS 5.9, AI score 7.2, EPSS 0.13411
Exploits 0, References 1