Lucene search
+L

191 matches found

Tenable Nessus
Tenable Nessus
added 2015/01/12 12:0 a.m.55 views

Debian DSA-3125-1 : openssl - security update (FREAK)

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2014-3569 Frank Schmirler reported that the ssl23getclienthello function in OpenSSL does not properly handle attempts ...

5CVSS7.5AI score0.98685EPSS
Exploits0References18
OSV
OSV
added 2015/01/11 12:0 a.m.58 views

DSA-3125-1 openssl - security update

Bulletin has no description...

5CVSS6.8AI score0.98685EPSS
Exploits0
NVD
NVD
added 2015/01/09 2:59 a.m.26 views

CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS5.6AI score0.06574EPSS
Exploits0References37
Prion
Prion
added 2015/01/09 2:59 a.m.33 views

Code injection

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3CVSS7.6AI score0.98685EPSS
Exploits0References66Affected Software1
UbuntuCve
UbuntuCve
added 2015/01/08 12:0 a.m.106 views

CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3CVSS7AI score0.98685EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2015/01/08 12:0 a.m.45 views

CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS6.8AI score0.06574EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/01/05 9:32 p.m.11 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update

An update for Red Hat JBoss Enterprise Web Platform 5.2.0 that provides a patch to mitigate the CVE-2014-3566 issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Red Hat JBoss Enterprise Web Platform is a...

4.3CVSS6.5AI score0.99999EPSS
Exploits7References4
FreeBSD
FreeBSD
added 2014/12/04 12:0 a.m.22 views

libzmq4 -- V3 protocol handler vulnerable to downgrade attacks

Pieter Hintjens reports: It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism...

4.3CVSS6.4AI score0.02529EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/12/04 12:0 a.m.264 views

Scientific Linux Security Update : nss, nss-util, and nss-softokn on SL5.x, SL6.x, SL7.x i386/x86_64 (20141202) (POODLE)

This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

4.3CVSS6.2AI score0.99999EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2014/12/03 12:0 a.m.84 views

RHEL 5 / 6 / 7 : nss, nss-util, and nss-softokn (RHSA-2014:1948) (POODLE)

Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security...

4.3CVSS6.4AI score0.99999EPSS
Exploits7References3
Prion
Prion
added 2014/11/24 3:59 p.m.21 views

Code injection

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

5CVSS7AI score0.0209EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/11/24 3:0 p.m.51 views

CVE-2014-8627

CVE-2014-8627 affects PolarSSL 1.3.8 where signature algorithm negotiation is flawed, enabling downgrade-like scenarios via unspecified vectors. Public sources (NVD/NASL/Nessus/OpenVAS) describe downgrad e risk and context; a patch path is to upgrade to newer PolarSSL versions (e.g., 1.3.9) as no...

5CVSS6.5AI score0.0209EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/11/17 4:59 p.m.33 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS6.3AI score0.01867EPSS
Exploits0References2
OSV
OSV
added 2014/11/17 4:59 p.m.22 views

PYSEC-2014-80

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS3.1AI score0.01867EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/11/17 4:0 p.m.47 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

7.9AI score0.01867EPSS
Exploits0References2
OSV
OSV
added 2014/10/23 1:27 p.m.8 views

MGASA-2014-0416 Updated openssl packages fix security vulnerabilities

This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

7.1CVSS4.1AI score0.99999EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2014/10/22 5:15 p.m.45 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Storage 2.1. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

7.1CVSS6.6AI score0.99999EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.29 views

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20141016) (POODLE)

This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

4.3CVSS6.3AI score0.99999EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2014/10/17 12:0 a.m.40 views

CentOS Update for openssl CESA-2014:1653 centos5

Check the version of openssl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882063";...

4.3CVSS6.2AI score0.99999EPSS
Exploits7References3
OpenVAS
OpenVAS
added 2014/10/17 12:0 a.m.35 views

CentOS Update for openssl CESA-2014:1652 centos7

Check the version of openssl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882062";...

7.1CVSS6.2AI score0.99999EPSS
Exploits7References3
Rows per page
Query Builder