795 matches found
F5 Networks BIG-IP : libssh2 vulnerability (K21531693)
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a 'bits/bytes confusion bug.' CVE-2016-0787 C Tenable Network...
GLSA-201606-12 : libssh and libssh2: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201606-12 libssh and libssh2: Multiple vulnerabilities libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange...
IBM Security Network Protection Multiple Vulnerabilities
IBM Security Network Protection is prone to multiple vulnerabilities. 1. IBM Security Network Protection uses Kerberos krb5 to provide network authentication. The Kerberos krb5 version that is shipped with IBM Security Network Protection contains multiple security vulnerabilities. 2. The libssh2...
Amazon Linux: Security Advisory (ALAS-2016-683)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libssh2 diffie_hellman_sha256 information disclosure vulnerability
libssh2 is a client-side C library that implements the SSH2 protocol. An information disclosure vulnerability exists in libssh2 diffiehellmansha256, which can be exploited by an attacker to decrypt or intercept SSH sessions...
ALPINE-CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
DEBIAN-CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The CVE-2016-0787 entry concerns libssh2 (before 1.7.0) where the diffie_hellman_sha256 function truncates ephemeral DH secrets to 128 or 256 bits, enabling potential man-in-the-middle decryption/interception of SSH sessions. Root cause: truncated DH secret length. Impact: weakened SSH handshake ...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
Amazon Linux AMI : libssh2 (ALAS-2016-683)
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. C Tenable Network Security, Inc. Th...
Medium: libssh2
Issue Overview: A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. Affected Packages:...
libssh2 Security Bypass Vulnerability
libssh2 is a client-side C library for implementing the SSH2 protocol. A security vulnerability exists in libssh2 that allows remote attackers to exploit vulnerabilities and cause the SSHv2 Diffie-Hellman handshake to use insecure random parameters...
Scientific Linux Security Update : libssh2 on SL6.x, SL7.x i386/x86_64 (20160310)
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. CVE-2016-0787 After installing thes...
RedHat Update for libssh2 RHSA-2016:0428-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2016-0428)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...