Lucene search
+L

89 matches found

securityvulns
securityvulns
added 2015/08/24 12:0 a.m.129 views

ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2015-081 CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 Severity...

7.5CVSS1AI score0.98685EPSS
Exploits3
Prion
Prion
added 2015/08/20 10:59 a.m.36 views

Code injection

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

5CVSS6.8AI score0.06574EPSS
Exploits2References2Affected Software2
NVD
NVD
added 2015/08/20 10:59 a.m.32 views

CVE-2015-0533

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

7.5CVSS5.9AI score0.00801EPSS
Exploits2References2
CVE
CVE
added 2015/08/20 10:0 a.m.91 views

CVE-2015-0533

CVE-2015-0533 concerns EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x prior to 4.0.8 and 4.1.x prior to 4.1.3, and RSA BSAFE SSL-C 2.8.9 and earlier. It allows remote SSL servers to perform an ECDHE-to-ECDH downgrade by omitting the ServerKeyExchange message, potentially harming forward secrecy. T...

7.5CVSS6.8AI score0.00801EPSS
Exploits2References2Affected Software2
Cvelist
Cvelist
added 2015/08/20 10:0 a.m.38 views

CVE-2015-0533

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

6.1AI score0.00801EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2015/07/27 12:0 a.m.35 views

openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)

libressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed : - CVE-2014-3570: The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1...

7.5CVSS8.1AI score0.9986EPSS
Exploits2References33
ThreatPost
ThreatPost
added 2015/06/30 12:42 p.m.11 views

Amazon Releases S2N TLS Crypto Implementation to Open Source

Amazon today released to open source its own TLS implementation called s2n, which stands for signal to noise. While admittedly not meant to be a replacement for OpenSSL, for example, s2n is a slimmed-down crypto implementation analogous to libssl, the OpenSSL library that supports TLS. Amazon chi...

7.3AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2015/05/27 12:0 a.m.29 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)

update to Firefox 31.2.0 ESR bnc900941 - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 bmo1001994, bmo1011354, bmo1018916, bmo1020034, bmo1023035, bmo1032208, bmo1033020, bmo1034230, bmo1061214, bmo1061600, bmo1064346, bmo1072044, bmo1072174 Miscellaneous memory safety hazards rv:33.0/rv:31.2 - MFSA...

7.5CVSS7.6AI score0.1617EPSS
Exploits1References23
Oracle linux
Oracle linux
added 2015/02/26 12:0 a.m.84 views

openssl security update

0.9.8e-32.0.1 - Backport openssl 08-Jan-2015 security fixes John Haxby orabug 20409893 - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1getrecord - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH Client - fix...

5CVSS2.8AI score0.98685EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/18 12:0 a.m.47 views

F5 Networks BIG-IP : OpenSSL vulnerability (SOL16126)

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. C Tenable Network Security, Inc...

5CVSS6.8AI score0.06574EPSS
Exploits0References6
IBM AIX
IBM AIX
added 2015/02/04 6:24 a.m.165 views

Multiple Security vulnerabilities in AIX OpenSSL

IBM SECURITY ADVISORY First Issued: Wed Feb 4 06:24:41 CST 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory12.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory12.asc...

5CVSS7AI score0.98685EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/01/16 12:0 a.m.72 views

OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0p. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0p advisory. - Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote...

5CVSS7.6AI score0.98685EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2015/01/16 12:0 a.m.55 views

OpenSSL 0.9.8 < 0.9.8zd Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8zd. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8zd advisory. - The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the...

5CVSS7.5AI score0.98685EPSS
Exploits0References13
Debian
Debian
added 2015/01/11 1:16 p.m.70 views

[SECURITY] [DLA 132-1] openssl security update

Package : openssl Version : 0.9.8o-4squeeze19 CVE ID : CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:...

5CVSS7AI score0.98685EPSS
Exploits0
NVD
NVD
added 2015/01/09 2:59 a.m.26 views

CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS5.6AI score0.06574EPSS
Exploits0References37
OSV
OSV
added 2015/01/09 2:59 a.m.7 views

CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

7.3AI score
Exploits0References37
Prion
Prion
added 2015/01/09 2:59 a.m.37 views

Code injection

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS6.9AI score0.06574EPSS
Exploits0References37Affected Software1
Cvelist
Cvelist
added 2015/01/09 2:0 a.m.24 views

CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5.8AI score0.06574EPSS
Exploits0References37
Debian CVE
Debian CVE
added 2015/01/09 2:0 a.m.35 views

CVE-2014-3572

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

5CVSS6.8AI score0.06574EPSS
Exploits0
CVE
CVE
added 2015/01/09 2:0 a.m.200 views

CVE-2014-3572

OpenSSL OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k is vulnerable to an ECDHE‑to‑ECDH downgrade attack caused by omitting the ServerKeyExchange message, which can trigger loss of forward secrecy. The issue affects multiple platforms (e.g., AIX advisories and other vendor ...

5CVSS5.7AI score0.06574EPSS
Exploits0References37Affected Software1
Rows per page
Query Builder