Lucene search
K

33 matches found

Amazon
Amazon
added 2016/12/15 12:0 a.m.47 views

Medium: nss-util, nss, nss-softokn

Issue Overview: CVE-2016-2834 nss: Multiple security flaws MFSA 2016-61 Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the...

9.3CVSS8.9AI score0.0338EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/11/17 12:0 a.m.32 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group...

5.9CVSS6.8AI score0.02015EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/11/16 5:58 a.m.7 views

nss: small-subgroups attack flaw

It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group...

5.9CVSS7.3AI score0.02015EPSS
Exploits0References4
Into the symmetry
Into the symmetry
added 2015/12/22 1:29 p.m.210 views

Small subgroup attack in Mozilla NSS

tl;dr While the TLS servers attacks has been pretty much studied and fixed see e.g. https://www.secure-resumption.com/ and https://weakdh.org/ the situation with the TLS clients is was not ideal and can be improved. Here I report a Small subgroup attack for TLS clients that I performed against...

5CVSS8.6AI score0.04664EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.6 views

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/03/11 6:48 p.m.5 views

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/02/10 12:0 a.m.24 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20130208)

Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476,...

10CVSS7.9AI score0.08087EPSS
Exploits2References21
RedHat Linux
RedHat Linux
added 2013/02/08 7:20 p.m.8 views

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/02/08 7:6 p.m.4 views

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/02/04 11:51 p.m.9 views

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/02/04 11:50 p.m.5 views

OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
Prion
Prion
added 2013/02/02 12:55 a.m.26 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS5.8AI score0.04259EPSS
Exploits0References27Affected Software2
UbuntuCve
UbuntuCve
added 2013/02/01 12:0 a.m.43 views

CVE-2013-0443

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
Rows per page
Query Builder