AIX bind Advisory : nettcp_advisory2.asc (IV86116) (IV86117) (IV86118) (IV86119) (IV86120) (IV86132)
The version of bind installed on the remote AIX host is affected by the following vulnerabilities: - The TLS protocol allows weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker can...
The scrypt parameters
The recommended scrypt parameters in the Go docs were recently brought up for discussion given they haven't changed since 2009. Even if at this point I memorized the three numbers N=16384, r=8, p=1 I only have a vague understanding of their meaning, so I took some time to read the scrypt paper...
CVE-2017-7607
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file...
PYSEC-2017-143
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...
First Practical SHA-1 Collision Attack Arrives
Researchers unveiled on Thursday the first practical collision attack for the 22-year-old cryptographic hash function SHA-1. While long expected, news of the attack, dubbed ‘SHAttered,’ should further accelerate the urgency of sunsetting the maligned algorithm. Researchers from Google, Elie...
DEBIAN-CVE-2016-10154
The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more th...
AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 5.3 TL 12 : nettcp (IV88957) (SLOTH) (deprecated)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 7.1 TL 3 : nettcp (IV82328) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 7.1 TL 3 : nettcp (IV82331) (SLOTH) (deprecated)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) - Lenovo Support US
No description provided...
AIX 5.3 TL 12 : nettcp (IV86120) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 6.1 TL 9 : nettcp (IV86116) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 7.2 TL 0 : nettcp (IV86132) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
Millions of Stolen MySpace, Tumblr Credentials Being Sold Online
Hackers are peddling roughly 427 million passwords belonging to users of MySpace, a social network that in its heyday was one of the most visited sites on the internet. The same service that claimed to have information on 164 million LinkedIn users earlier this month is now boasting to have...
Microsoft's SHA-1 Deprecation Begins with Windows 10 Anniversary Update
The home stretch of Microsoft’s planned SHA-1 deprecation schedule has arrived. This summer, with the planned release of the Windows 10 Anniversary Update, users should see signs that the weak cryptographic hash function is being phased out. Microsoft said that once the anniversary update is roll...
Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is...
Amazon Linux: Security Advisory (ALAS-2016-645)
The remote host is missing an update for the...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-647) (SLOTH)
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...