Microsoft and partners design new device security requirements to protect against targeted firmware attacks
Recent developments in security research and real-world attacks demonstrate that as more protections are proactively built into the OS and in connected services, attackers are looking for other avenues of exploitation with firmware emerging as a top target. In the last three years alone, NIST’s...
Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)
Summary: Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption)-like attack affects IBM Netezza Performance Portal. Vulnerability Details: CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
PT-2019-11840 · Jenkins · Jenkins Cadence Vmanager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions prior to 2.7.1 Description: The issue concerns the disabling of SSL/TLS and hostname verification globally for the Jenkins master JVM. This affects the security of the Jenkins master JVM, potentially...
The vulnerability of the Java Secure Socket Extension (JSSE) component of the OpenJDK project, a programming language for Java, allows attackers to gain access to confidential data.
The vulnerability of the Java Secure Socket Extension (JSSE) component of the OpenJDK project, a programming language, is related to errors in processing the attached OCSP response during TLS handshake. Exploiting this vulnerability can allow an attacker operating remotely to gain access to...
October 15, 2019—KB4520015 (Preview of Monthly Rollup)
October 15, 2019—KB4520015 (Preview of Monthly Rollup) IMPORTANT: Customers who have purchased the Extended Security Update (ESU) for on-premises versions of some operating systems must follow specific procedures to continue receiving security updates after extended support ends on January 14, 2020. F...
October 15, 2019—KB4520012 (Preview of Monthly Rollup)
October 15, 2019—KB4520012 (Preview of Monthly Rollup) Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4520005 (released October 8, 2019) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates time...
containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure
The containers/image library, used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and by CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...
Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software due to incorrect handling of Base64-encoded strings. An unauthenticated, remote attacker can exploit this issue, via opening many SSL VPN sessions to an affected...
CVE-2019-1318
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'...
Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway DoS (cisco-sa-20190925-sip-alg)
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG). This allows an unauthenticated, remote attacker to cause an affected device to...
CVE-2019-0051
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the...
Microsoft Windows Transport Layer Security Spoofing Vulnerability
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information. To exploit the vulnerability, an attacker would have to conduct a...
KB4520004: Windows 10 Version 1709 October 2019 Security Update
The remote Windows host is missing security update 4520004. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. (CVE-2019-1340) - A spoofing vulnerability exists...
KB4519998: Windows 10 Version 1607 and Windows Server 2016 October 2019 Security Update
The remote Windows host is missing security update 4519998. It is, therefore, affected by multiple vulnerabilities: - A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user...
KB4520011: Windows 10 October 2019 Security Update
The remote Windows host is missing security update 4520011. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt...
KB4517389: Windows 10 Version 1903 October 2019 Security Update
The remote Windows host is missing security update 4517389. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. (CVE-2019-1340) - A spoofing vulnerability exists...
Fedora 31 : curl (2019-6d7f6fa2c8)
double free due to subsequent call of realloc CVE-2019-5481 - fix heap buffer overflow in function tftpreceivepacket CVE-2019-5482 ---- - avoid reporting spurious error in the HTTP2 framing layer 1690971 Note that Tenable Network Security has extracted the preceding description block directly...