Lucene search
+L

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 3:33 a.m.7 views

CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.5 views

SUSE CVE-2016-0701

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

3.7CVSS9.1AI score0.83645EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2021/04/22 4:16 p.m.68 views

Observable Differences in Behavior to Error Inputs in Bouncy Castle

In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that...

5.3CVSS5.5AI score0.00914EPSS
Exploits0References8Affected Software8
OSV
OSV
added 2021/04/22 4:16 p.m.11 views

GHSA-72M5-FVVV-55M6 Observable Differences in Behavior to Error Inputs in Bouncy Castle

In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that...

5.3CVSS6.8AI score0.00914EPSS
Exploits0References7
NVD
NVD
added 2020/11/02 10:15 p.m.24 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.4AI score0.00914EPSS
Exploits0References2
OSV
OSV
added 2020/11/02 10:15 p.m.3 views

DEBIAN-CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.5AI score0.00914EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/11/02 10:15 p.m.37 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.8AI score0.00914EPSS
Exploits0References3
OSV
OSV
added 2020/11/02 10:15 p.m.9 views

UBUNTU-CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.9AI score0.00914EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/11/02 10:0 p.m.25 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3AI score0.00914EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/11/02 10:0 p.m.37 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.2AI score0.00914EPSS
Exploits0
RubySec
RubySec
added 2019/11/26 12:0 a.m.9 views

Private Ruby OpenSSL RSA key generation is always "1"

The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...

9.8CVSS6.9AI score0.02529EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2016/02/15 2:59 a.m.35 views

CVE-2016-0701

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

3.7CVSS5.3AI score0.83645EPSS
Exploits1References24
OSV
OSV
added 2016/02/15 2:59 a.m.5 views

DEBIAN-CVE-2016-0701

The DHcheckpubkey function in crypto/dh/dhcheck.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman DH key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose...

3.7CVSS5.8AI score0.83645EPSS
Exploits1References1
0day.today
0day.today
added 2009/11/10 12:0 a.m.32 views

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass

Exploit for unknown platform in category remote exploits ====================================================================================== Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability...

7.1AI score
Exploits0
Rows per page
Query Builder