Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.38 views

Security Bulletin: SSLv2 DROWN Vulnerability (CVE-2016-0800)

Question Security Bulletin: SSLv2 DROWN Vulnerability CVE-2016-0800 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.9CVSS7.3AI score0.82112EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2004-0824

Malware in sbrugna...

7.5CVSS6.1AI score0.22525EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-2948

Malware in sbrugna...

7.5CVSS8.6AI score0.02517EPSS
Exploits0References5
Prion
Prion
added 2018/08/17 2:29 p.m.20 views

Code injection

Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...

4.3CVSS5.8AI score0.00787EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/05/20 10:0 a.m.52 views

CVE-2016-1853

CVE-2016-1853 refers to Tcl on macOS OS X El Capitan prior to 10.11.5. The vulnerability is an information disclosure: an attacker in a privileged network position could leverage SSLv2 support to obtain sensitive information. The connected Apple advisory notes that the protection involves disabli...

7.5CVSS7AI score0.02517EPSS
Exploits0References4Affected Software1
myhack58
myhack58
added 2016/03/04 12:0 a.m.42 views

Based on the CVE-2 0 1 6-0 7 0 3 analysis DrownAttack for OpenSSL hazards-vulnerability warning-the black bar safety net

What is the Drown Attack Drown is a cross-Protocol attack, through the use of SSLv2 vulnerabilities to attack the TLS, in fact, is the man in the middle attacks further use. Man in the middle attacks simple example: such as hijacking the user's traffic HTTP. However, some server and client...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/02 12:0 a.m.326 views

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

现在流行的服务器和客户端使用TLS加密, 然而由于错误配置, 许多服务器仍然支持SSLv2, 这是一种古老的协议, 许多客户端已经不支持 SSLv2。 DROWN攻击可以威胁到还在支持 SSLv2 的服务端和客户端,允许攻击者通过发送 probe 到支持 SSLv2 的使用相同密钥的服务端和客户端解密 TLS 通信。 官方关于漏洞的公告: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and...

4.3CVSS7.3AI score0.82112EPSS
Exploits2
NVD
NVD
added 2016/03/01 8:59 p.m.26 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS6.6AI score0.82112EPSS
Exploits2References63
OSV
OSV
added 2016/03/01 8:59 p.m.8 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS7.1AI score
Exploits0References63
Tenable Nessus
Tenable Nessus
added 2006/10/25 12:0 a.m.36 views

GLSA-200610-11 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200610-11 OpenSSL: Multiple vulnerabilities Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSLgetsharedciphers function contains a buffer overflow vulnerability, and that the SSLv2 client code...

10CVSS8AI score0.48575EPSS
Exploits10References5
Rows per page
Query Builder