227 matches found
EUVD-2020-5153
Malware in sbrugna...
EUVD-2016-7256
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-12872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP...
Linux Distros Unpatched Vulnerability : CVE-2016-6329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to the Sweet32 attack.
Summary The 3DES cipher was available in some TLS cipher suites. Vulnerability Details CVEID:CVE-2016-2183 DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which...
Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-2183)
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
Linux Distros Unpatched Vulnerability : CVE-2016-2183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billi...
Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)
Summary IBM i is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the Triple-DES on 64-bit block...
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details CVEID: CVE-2014-3643 DESCRIPTION: Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By sending ...
RHEL 7 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions (CVE-2016-1938) - SSL/TLS: Birthday atta...
RHEL 6 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions (CVE-2016-1938) - SSL/TLS: Birthday atta...
RHEL 7 : ssl_tls (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) - A denial of service flaw wa...
RHEL 5 : ssl_tls (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) - A denial of service flaw wa...
Weak Cryptography
github.com/kyverno/kyverno is vulnerable to Weak Cryptography. The vulnerability exists due to the use of insecure ciphers such as TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) and TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048), which are known to be vulnerable to the Sweet32 attack...
Kyverno vulnerable due to usage of insecure cipher
Summary Insecure 3DES ciphers are used which may lead to exploitation of the Sweet32 vulnerability. Specifically, the ciphers TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) and TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) are allowed. See CVE-2016-2183. This is fixed in Kyverno v1.9.5 and v1.10.0 and no known users...
GHSA-HGV6-W7R3-W4QW Kyverno vulnerable due to usage of insecure cipher
Summary Insecure 3DES ciphers are used which may lead to exploitation of the Sweet32 vulnerability. Specifically, the ciphers TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) and TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) are allowed. See CVE-2016-2183. This is fixed in Kyverno v1.9.5 and v1.10.0 and no known users...
Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183)
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM BladeCenter Networking Switch products. The IBM BladeCenter Networking Switch products below have addressed the applicable CVE. Vulnerability Details Summary OpenSSL...
Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems
Summary IBM Advanced Management Module (AMM) for BladeCenter systems has addressed the following vulnerability in OpenSSL. Vulnerability Details CVE-ID:...
K30315990: OpenVPN vulnerability CVE-2016-6329
Security Advisory Description OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...
SUSE CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...