UBUNTU-CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys...
CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys...
CVE-2012-2130
CVE-2012-2130 affects PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption issue in DH and RSA key generation, leading to a Security Bypass. Public advisories (SUSE, Ubuntu, Gentoo GLSA 201310-10, Gentoo NASL) confirm the same vector and impact across multiple distributions. The root cause is...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere Cast Iron (CVE-2015-4000)
Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM WebSphere Cast Iron. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...
Cryptovenom - The Cryptography Swiss Army Knife
CryptoVenom: The Cryptography Swiss Army Knife. What is CryptoVenom? CryptoVenom is an open-source tool which contains a lot of cryptosystems and cryptanalysis methods all in one, including classical algorithms, hash algorithms, encoding algorithms, logic gates, mathematical functions, modern...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Netezza PureData System for Analytics (CVE-2015-4000)
Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Netezza PureData System for Analytics. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
Scientific Linux Security Update : linux-firmware on SL7.x x86_64 (20190806)
Security Fixes: kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)...
USN-4095-2 linux-lts-xenial, linux-aws vulnerabilities
USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists as the Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange...
kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity within 30 meters to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure,...
CVE-2019-14332
CVE-2019-14332 affects D-Link 6600-AP and DWL-3600AP (Ax 4.2.0.14). The issue is the use of weak SSH ciphers (e.g., diffie-hellman-group1-sha1) in affected firmware. Evidence in multiple sources confirms the vulnerability details and affected devices; some sources also reference related SSH brute...
nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
SIAM Conference on Applied Algebraic Geometry 2019 - Isogenies mini-symposium
So here we are in the nice city of Bern, in the Teutonic Switzerland, for SIAM Conference on Applied Algebraic Geometry 2019 that this year counts more than 750 attendees! The weather is warm enough but the isogenies topic has never been so hot! So for this occurrence of the conference Tanja Lang...
libssh2 Input Validation Error Vulnerability
libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, and providing a secure transmission channel for remote programs. An input validation error vulnerability exists in the...
UBUNTU-CVE-2019-13115
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...
CVE-2019-6629
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...
openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...
Using Ed25519 signing keys for encryption
@Benjojo12 and I are building an encryption tool that will also support SSH keys as recipients, because everyone effectively already publishes their SSH public keys on GitHub. For RSA keys, this is dangerous but straightforward: a PKCS1 v1.5 signing key is the same as an OAEP encryption key...
EulerOS Virtualization 3.0.1.0 : libssh2 (EulerOS-SA-2019-1429)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and...