EulerOS 2.0 SP1 : libssh2 (EulerOS-SA-2016-1005)

According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchan...

Invalid Curve Attack

github.com/square/go-jose is vulnerable to invalid curve attacks. These attacks are possible when using key agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES, allowing attackers to recover the private secret key...

Invalid Curve Attack

github.com/dvsekhvalnov/jose2go is vulnerable to invalid curve attacks. These attacks are possible when using key agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES, allowing attackers to recover the private secret key...

Information Disclosure

OpenSSL is vulnerable to information disclosure. The library contains a carry propagation bug during the montgomery squaring procedure. This makes it easier for a malicious user to obtain sensitive private key information from the Diffie-Hellman Ciphersuite as the attack can be conducted offline...

Invalid Curve Attack

Overview Affected versions of node-jose are vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES is used. Proof of Concept Recommendation Update to version 0.9.3 or...

CVE-2016-6882

MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...

OpenSSL Null Pointer Indirect Reference Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to implement strong encryption for network communications. OpenSSL suffers from a denial of service vulnerability. A denial of service results due to a malicious server that provides malformed parameters to the DHE or ECDHE key exchange, allowi...

Simple OpenVPN Raspberry Pi Installer: piVPN

Simple OpenVPN Raspberry Pi Installer This is a set of shell scripts that serve to easily turn your Raspberry Pi TM into a VPN server using the free, open-source OpenVPN software. The master branch of this script installs and configures OpenVPN on Raspbian Jessie and has been tested on Ubuntu 14....

GLSA-201702-07 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201702-07 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker is able to crash applications linked...

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible when the client authentication and ephemeral Diffie-Hellman ciphersuite are enabled. They can be triggered through the use of a ClientKeyExchange with a length of zero...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious Diffie-Hellman ServerKeyExchange message to the system to cause a segmentation fault that can lead to the system crashing...

Information Disclosure

OpenSSL is vulnerable to information disclosure. The library contains a carry propagation bug during the montgomery squaring procedure. This makes it easier for a malicious user to obtain sensitive private key information from the Diffie-Hellman and Diffie-Hellman Ephemereal Ciphersuites...

DEBIAN-CVE-2016-2217

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret...

UBUNTU-CVE-2016-2217

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret...

Weak Diffie-Hellman Handshake Due To Truncated Secret Length

libssh2 is vulnerable to weak handshakes. The vulnerability happens because diffiehellmansha256 function in kex.c in libssh2 generates secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing the attackers to intercept or decrypt SSH sessions using bits/bytes confusion bug...

RUSTSEC-2017-0001 scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

UBUNTU-CVE-2017-3732

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

UBUNTU-CVE-2016-6271

The Bzrtp library aka libbzrtp 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception...