Lucene search
+L

197 matches found

ibm
ibm
added 2018/06/16 9:41 p.m.43 views

Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available

Summary There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance Vulnerability Details CVEID: CVE-2016-0327 DESCRIPTION: IBM Security Identity Manager Virtual Appliance could allow a local user to injection commands that would be...

10CVSS1AI score0.82112EPSS
Exploits2Affected Software1
ibm
ibm
added 2018/06/16 9:40 p.m.60 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM QRadar SIEM and QRadar Incident Forensics.

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM QRadar SIEM and Incident Forensics. IBM QRadar SIEM and Incident Forensics has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened encryption"...

10CVSS1.3AI score0.82112EPSS
Exploits2Affected Software1
ibm
ibm
added 2018/06/16 9:40 p.m.51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Guardium. IBM Security Guardium has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Detail...

5.9CVSS0.5AI score0.82112EPSS
Exploits2Affected Software1
ibm
ibm
added 2018/06/16 9:40 p.m.51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Protection. IBM Security Network Protection has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability...

10CVSS2.1AI score0.82112EPSS
Exploits2Affected Software1
ibm
ibm
added 2018/06/15 7:5 a.m.117 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MQ Appliance

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Details CVEID:...

5.9CVSS2.2AI score0.82112EPSS
Exploits2Affected Software1
nessus
nessus
added 2018/02/28 12:0 a.m.91 views

Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to...

5.9CVSS8.1AI score0.82112EPSS
Exploits2References7
threatpost
threatpost
added 2017/12/13 2:33 p.m.36 views

19-Year-Old TLS Vulnerability Weakens Website Crypto

A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The vulnerability is foun...

10CVSS0.3AI score0.95707EPSS
Exploits15References7
nessus
nessus
added 2017/05/16 12:0 a.m.81 views

F5 Networks BIG-IP : OpenSSL vulnerability (K23196136) (DROWN)

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS8.1AI score0.82112EPSS
Exploits2References2
nessus
nessus
added 2017/05/01 12:0 a.m.49 views

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote...

9.8CVSS7.6AI score0.82112EPSS
Exploits3References5
veracode
veracode
added 2017/01/27 8:38 a.m.42 views

DROWN Attack

OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...

5.9CVSS7.6AI score0.82112EPSS
Exploits2References64Affected Software4
openvas
openvas
added 2016/11/29 12:0 a.m.69 views

Extreme ExtremeXOS DROWN Vulnerability (VN-2016-004)

Extreme ExtremeXOS is prone to the OpenSSL SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:extremenetworks:exos"; if description...

7.4AI score
Exploits0References1
nessus
nessus
added 2016/11/10 12:0 a.m.285 views

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

10CVSS8.9AI score0.82112EPSS
Exploits3References15
threatpost
threatpost
added 2016/10/03 8:45 a.m.10 views

Mozilla Reduces Threat of Export-Grade Crypto to Firefox

Logjam was one of several downgrade attacks discovered in the last 18 months that could theoretically allow a resourced attacker to take advantage of lingering export-grade cryptography to read and modify data over a supposedly secure connection. While the severity of this particular attack again...

7AI score
Exploits0References8
hackerone
hackerone
added 2016/09/07 5:41 p.m.61 views

Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

This is a DROWN-related issue that essentially circumvented the instructions on how to disable SSLv2 at the time. Its primary effect was that a lot of servers were vulnerable to DROWN even though they thought they had SSLv2 disabled. It was reported to OpenSSL and fixed in versions 1.0.2f and...

4.3CVSS7AI score0.10731EPSS
Exploits2
hackerone
hackerone
added 2016/09/07 5:34 p.m.63 views

Internet Bug Bounty: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure. This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability: https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/ This is probably a good opportunity ...

4.3CVSS7.8AI score0.82112EPSS
Exploits2
nessus
nessus
added 2016/08/12 12:0 a.m.67 views

FreeBSD : FreeBSD -- Multiple OpenSSL vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) (DROWN)

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...

10CVSS7.2AI score0.82112EPSS
Exploits2References9
kitploit
kitploit
added 2016/08/06 2:46 p.m.596 views

A2SV - Auto Scanning to SSL Vulnerability

█████╗ ██████╗ ███████╗██╗ ██╗ ██╔══██╗╚════██╗██╔════╝██║ ██║ ███████║ █████╔╝███████╗██║ ██║ .o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo...

7.5CVSS7.2AI score0.99999EPSS
Exploits102References6
nessus
nessus
added 2016/08/05 12:0 a.m.41 views

OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m / 1.0.2 < 1.0.2a Information Disclosure (DROWN)

Binary data 9462.prm...

5.9CVSS6.4AI score0.06903EPSS
Exploits1References3
threatpost
threatpost
added 2016/08/03 10:0 a.m.14 views

Export-Grade Crypto Patching Improves

LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...

0.2AI score
Exploits0References4
redhat
redhat
added 2016/07/27 3:28 p.m.85 views

Critical: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.6 update

Red Hat JBoss Operations Network 3.3 update 6, which fixes two security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...

9.8CVSS7.2AI score0.82112EPSS
Exploits2References45
Rows per page
Query Builder