Lucene search
K

490 matches found

Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.19 views

Fedora 22 : mbedtls-1.3.16-1.fc22 (2016-11cca392ff)

Update to 1.3.16 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl .1.2.19-released Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

5.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.30 views

Fedora 21 : mbedtls-1.3.14-1.fc21 (2015-30a417bea9)

Update to 1.3.14 - CVE-2015-5291 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1 .2.17-released Security notes: https://tls.mbed.org/tech-updates/security-advisories/mb edtls-security- advisory-2015-01 Note that Tenable Network Security has...

6.8CVSS6.8AI score0.03629EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.14 views

Fedora 23 : mbedtls-2.2.1-1.fc23 (2016-b3784096ef)

Update to 2.2.1 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl .1.2.19-released ---- - Update to 2.2.0 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl .1.2.18-released Note that Tenable Network...

5.4AI score
Exploits0References3
OpenVAS
OpenVAS
added 2016/02/02 12:0 a.m.35 views

openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.03629EPSS
Exploits0References1
ArchLinux
ArchLinux
added 2016/01/25 12:0 a.m.61 views

mbedtls: man-in-the-middle

mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5 signatures potentially used during TLS 1.2 handshakes to impersonate a TLS server...

4.3CVSS3AI score0.0288EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/01/25 12:0 a.m.35 views

openSUSE Security Update : mbedtls (openSUSE-2016-59) (SLOTH)

This update to mbedtls 1.3.16 fixes the following security issues : - CVE-2015-7575: Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication boo961284 - boo961290: potential double free during certificate generation %NASLMINLEVEL 70300 ...

5.9CVSS7.5AI score0.0288EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/01/20 12:0 a.m.22 views

Fedora Update for mbedtls FEDORA-2016-11

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/01/08 12:0 a.m.19 views

FreeBSD : mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication (4084168e-b531-11e5-a98c-0011d823eebd)

ARM Limited reports : MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL. %NASLMINLEVEL 70300 C Tenable Network Security...

5.5AI score
Exploits0References2
FreeBSD
FreeBSD
added 2016/01/04 12:0 a.m.12 views

mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

ARM Limited reports: MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL...

3.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/12/16 12:0 a.m.28 views

openSUSE Security Update : mbedtls (openSUSE-2015-898)

This update for mbedtls fixes the following security and non-security issues : - Update to 1.3.15 - Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. - Fix potential heap corruption on windows...

6.8CVSS7.5AI score0.03629EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2015/12/13 1:12 p.m.46 views

Security update for mbedtls (important)

This update for mbedtls fixes the following security and non-security issues: - Update to 1.3.15 Fix potential double free if sslsetpsk is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. Fix potential heap corruption on windows when...

6.8CVSS0.2AI score0.03629EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/10/24 12:0 a.m.30 views

Fedora Update for mbedtls FEDORA-2015-30

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8.1AI score0.03629EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/24 12:0 a.m.27 views

Fedora Update for mbedtls FEDORA-2015-7

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8.1AI score0.03629EPSS
Exploits0References2
Fedora
Fedora
added 2015/10/23 4:23 p.m.33 views

[SECURITY] Fedora 21 Update: mbedtls-1.3.14-1.fc21

Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible. FOSS License Exception:...

6.8CVSS0.7AI score0.03629EPSS
Exploits0
ArchLinux
ArchLinux
added 2015/10/15 12:0 a.m.46 views

mbedtls: arbitrary code execution

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension an...

6.8CVSS2.6AI score0.03629EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/10/15 12:0 a.m.38 views

FreeBSD : mbedTLS/PolarSSL -- DoS and possible remote code execution (07a1a76c-734b-11e5-ae81-14dae9d210b8)

ARM Limited reports : When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow : the...

6.8CVSS7.2AI score0.03629EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/10/06 12:0 a.m.9 views

FreeBSD : mbedTLS/PolarSSL -- multiple vulnerabilities (5d280761-6bcf-11e5-9909-002590263bf5)

ARM Limited reports : Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...

5.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/10/06 12:0 a.m.18 views

FreeBSD : mbedTLS/PolarSSL -- multiple vulnerabilities (953aaa57-6bce-11e5-9909-002590263bf5)

ARM Limited reports : In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits. In addition the default size for the Diffie-Hellman parameters on t...

5.4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2015/10/05 12:0 a.m.29 views

mbedTLS/PolarSSL -- DoS and possible remote code execution

ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the sessio...

6.8CVSS8AI score0.03629EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/09/18 12:0 a.m.13 views

mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports: Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS1 v1.5 signatures. These releases include countermeasures against that attack. Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This...

0.1AI score
Exploits0References1
Rows per page
Query Builder