5 matches found
EUVD-2014-3553
Malware in sbrugna...
SUSE CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
USN-2673-1 thunderbird vulnerabilities
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...
DEBIAN-CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
UBUNTU-CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...