19 matches found
EUVD-2015-7656
Malware in sbrugna...
EUVD-2004-0925
Malware in sbrugna...
EUVD-1999-1079
Malware in sbrugna...
EUVD-2017-6985
Malware in sbrugna...
CVE-2004-0927
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions...
CVE-2022-20940
A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...
BSA-2018-514
Security Advisory ID : BSA-2018-514 Component : TLS Implementations Revision : 1.1: Final TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. An attacker could...
Google Chrome Security Bypass Vulnerability (CNVD-2017-07170)
Google Chrome is a web browser developed by the American company Google Google. A security bypass vulnerability exists in Google Chrome, which originates when the program caches a TLS session before validating a certificate. An attacker can exploit the vulnerability to decrypt TLS sessions...
OpenSSL Cross-Protocol Attack Vulnerability
OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. Cross-protocol...
openssl: Divide-and-conquer session key recovery in SSLv2
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...
openssl: Divide-and-conquer session key recovery in SSLv2
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...
openssl: Divide-and-conquer session key recovery in SSLv2
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...
Oracle-Database-Authentication
Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g Relea...
Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions
It’s been more than 25 years since Ron Rivest invented his RC4 stream cipher, and after all that time it’s still being used widely, which is something of an achievement in the crypto world. However, for more than 15 years researchers have known about a weakness in RC4 that could enable an attacke...
Design/Logic Flaw
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL...
CVE-2006-0999
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server OES allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL...
CVE-2004-0927
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions...
CVE-2004-0927
CVE-2004-0927 affects Mac OS X ServerAdmin (versions 10.2.8–10.3.5). The issue arises from using the same example self-signed certificate across systems, enabling remote attackers to decrypt sessions. The connected documents corroborate the core vulnerability description across multiple sources (...
CVE-1999-1098
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing...