CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1321 matches found

RedHat Linux•added 2014/07/16 5:18 a.m.•58 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

9.3CVSS7AI score0.06118EPSS

Exploits1References14

Tenable Nessus•added 2014/06/13 12:0 a.m.•40 views

openSUSE Security Update : lighttpd (openSUSE-2012-110)

added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...

5CVSS6.4AI score0.16246EPSS

Exploits8References2

Tenable Nessus•added 2014/05/15 12:0 a.m.•37 views

Citrix NetScaler Multiple Vulnerabilities (CTX140651)

The remote Citrix NetScaler version is affected by multiple vulnerabilities : - A low quality random number generation is used to produce secret key values in the implementation of the Diffie-Hellman key exchange algorithm in the management GUI Java applet. Publicly known predictors exist for the...

10CVSS5.5AI score0.01855EPSS

Exploits0References5

securityvulns•added 2014/05/07 12:0 a.m.•27 views

Citrix Netscaler security vulnerabilities

Weak Diffie-Hellman protocol implementation, lack of SSL cerificate check...

10CVSS2.6AI score0.01855EPSS

Exploits0References2Affected Software1

securityvulns•added 2014/05/07 12:0 a.m.•77 views

CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler

Vulnerability title: Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler CVE: CVE-2014-2881 Vendor: Citrix Product: Netscaler Affected version: All prior to 10.1-122.17/9.3-66.5 Fixed version: 10.1-122.17/9.3-66.5 Reported by: Graham Sutherland Details: The remote...

10CVSS6.3AI score0.01855EPSS

Exploits0

ThreatPost•added 2014/05/06 1:11 p.m.•12 views

TLS 1.3 Has Consensus to Deprectate RSA Key Transport

The IETF working group responsible for the TLS 1.3 standard is closing in on a decision to remove RSA key transport cipher suites from the protocol. Decades-old RSA-based handshakes don’t cut it anymore, according to experts, who are anxious to put a modern protocol in place, one that can fend of...

0.3AI score

Exploits0References6

NVD•added 2014/05/01 5:28 p.m.•26 views

CVE-2014-2881

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors...

10CVSS6.5AI score0.01855EPSS

Exploits0References2

Prion•added 2014/05/01 5:28 p.m.•18 views

Design/Logic Flaw

10CVSS7.1AI score0.01855EPSS

Exploits0References2Affected Software2

Cvelist•added 2014/05/01 2:0 p.m.•29 views

CVE-2014-2881

6.5AI score0.01855EPSS

Exploits0References2

CVE•added 2014/05/01 2:0 p.m.•63 views

CVE-2014-2881

The CVE-2014-2881 issue affects Citrix NetScaler devices (ADC and NetScaler Gateway) where the Diffie-Hellman key exchange in the management GUI Java applet uses a weak RNG. The root cause is use of java.util.Random to generate secret values, with known predictors and small seed sizes (32/48 bits...

10CVSS6.7AI score0.01855EPSS

Exploits0References2Affected Software3

ThreatPost•added 2014/03/04 2:45 p.m.•16 views

Triple Handshake TLS Attacks Target Resumption, Renegotiation

A team of researchers has published a paper that explains a number of attacks against websites and Web-based applications running TLS. The researchers’ techniques do not exploit implementation errors, the most common attack vector against encryption securing online communication, instead focus on...

0.7AI score

Exploits0References1

NVD•added 2014/02/06 5:44 a.m.•23 views

CVE-2014-1491

Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS9.4AI score0.04664EPSS

Exploits1References32

OSV•added 2014/02/06 5:44 a.m.•1 views

DEBIAN-CVE-2014-1491

4.3CVSS6.8AI score0.04664EPSS

Exploits1References1

OSV•added 2014/02/06 5:44 a.m.•8 views

CVE-2014-1491

9.4AI score

Exploits0References40

Prion•added 2014/02/06 5:44 a.m.•34 views

Authentication flaw

4.3CVSS7AI score0.04664EPSS

Exploits1References32Affected Software14

ATTACKERKB•added 2014/02/06 5:44 a.m.•3 views

CVE-2014-1491

4.3CVSS7.5AI score0.04664EPSS

Exploits1References33

Cvelist•added 2014/02/06 2:0 a.m.•27 views

CVE-2014-1491

9.5AI score0.04664EPSS

Exploits1References32

CVE•added 2014/02/06 2:0 a.m.•15485 views

CVE-2014-1491

CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS

4.3CVSS8.4AI score0.04664EPSS

Exploits1References32Affected Software4