Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-0739

Malware in sbrugna...

5.9CVSS7.7AI score0.06903EPSS
Exploits0References41
F5 Networks
F5 Networks
added 2023/02/21 6:15 p.m.152 views

K16674: TLS vulnerability CVE-2015-4000

Security Advisory Description The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE...

4.3CVSS6.8AI score0.9986EPSS
Exploits1Affected Software16
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.4 views

SUSE CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

5.9CVSS7.6AI score0.06903EPSS
Exploits0References15
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2016:0748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.6AI score0.89557EPSS
Exploits21References2
RedHat Linux
RedHat Linux
added 2016/03/14 8:0 p.m.6 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 2016/03/02 11:12 p.m.43 views

Security update for openssl (important)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS1.3AI score0.83645EPSS
Exploits2References9
OSV
OSV
added 2016/03/02 11:59 a.m.1 views

DEBIAN-CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

5.9CVSS9.3AI score0.06903EPSS
Exploits0References1
seebug.org
seebug.org
added 2016/03/02 12:0 a.m.326 views

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

现在流行的服务器和客户端使用TLS加密, 然而由于错误配置, 许多服务器仍然支持SSLv2, 这是一种古老的协议, 许多客户端已经不支持 SSLv2。 DROWN攻击可以威胁到还在支持 SSLv2 的服务端和客户端,允许攻击者通过发送 probe 到支持 SSLv2 的使用相同密钥的服务端和客户端解密 TLS 通信。 官方关于漏洞的公告: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and...

4.3CVSS7.3AI score0.82112EPSS
Exploits2
Debian CVE
Debian CVE
added 2016/03/02 12:0 a.m.54 views

CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

5.9CVSS8.2AI score0.06903EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2016/03/01 2:45 p.m.5 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/03/01 2:45 p.m.6 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/03/01 2:44 p.m.4 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
OpenSSL
OpenSSL
added 2016/03/01 12:0 a.m.80 views

Vulnerability in OpenSSL - Cross-protocol attack on TLS using SSLv2 (DROWN)

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...

6.6AI score0.82112EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2015/06/09 12:0 a.m.15 views

Ubuntu: Security Advisory (USN-2625-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
Ubuntu
Ubuntu
added 2015/06/02 12:43 p.m.29 views

USN-2625-1: Apache HTTP Server update

As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved,...

5.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/06/02 12:0 a.m.18 views

Ubuntu 14.04 LTS : OpenSSL update (USN-2624-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2624-1 advisory. As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks. Tenable h...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2015/06/01 5:7 p.m.50 views

USN-2624-1: OpenSSL update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

5.4AI score
Exploits0References1
OSV
OSV
added 2015/06/01 5:7 p.m.3 views

USN-2624-1 openssl update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

4.3CVSS6.2AI score0.9986EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/05/13 1:36 p.m.2 views

openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method...

4.3CVSS7AI score0.98685EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2015/04/13 11:54 a.m.5 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
Rows per page
Query Builder