
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2012-2184

Malware in sbrugna...

CVSS 5 | AI score 8.9 | EPSS 0.02371
Exploits 1 | References 4

IBM Security Bulletins
added 2022/09/26 5:45 a.m. | 33 views

Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Abstract: Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content: CVE ID: CVE-2012-2190. DESCRIPTION: GSKit allows remote attackers to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.0388
Exploits 1 | Affected Software 1

Veracode
added 2017/02/10 1:42 a.m. | 65 views

Access Bypass

OpenSSL is vulnerable to access bypass. OpenSSL accepts client authentication with a Diffie-Hellman certificate without receiving a CertificateValue message. This allows attackers to gain access without the knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that...

CVSS 5 | AI score 6.2 | EPSS 0.24626
Exploits 0 | References 72 | Affected Software 1

NVD
added 2015/10/09 5:59 a.m. | 20 views

CVE-2015-5887

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data...

CVSS 10 | AI score 5.3 | EPSS 0.02461
Exploits 0 | References 4

CVE
added 2015/10/09 1:0 a.m. | 62 views

CVE-2015-5887

CVE-2015-5887 affects Apple macOS Secure Transport: the TLS Handshake Protocol in OS X before 10.11 accepts a CertificateRequest within a session that did not send ServerKeyExchange. This allows remote attackers to influence the TLS negotiation via crafted data, with an unspecified impact. The is...

CVSS 10 | AI score 6.2 | EPSS 0.02461
Exploits 0 | References 4 | Affected Software 1

NVD
added 2015/01/09 2:59 a.m. | 20 views

CVE-2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

CVSS 5 | AI score 5.7 | EPSS 0.24626
Exploits 0 | References 36

OSV
added 2015/01/09 2:59 a.m. | 10 views

CVE-2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

AI score 7.4
Exploits 0 | References 36

Prion
added 2015/01/09 2:59 a.m. | 23 views

Authentication flaw

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

CVSS 5 | AI score 7 | EPSS 0.24626
Exploits 0 | References 36 | Affected Software 1

CVE
added 2015/01/09 2:0 a.m. | 134 views

CVE-2015-0205

CVE-2015-0205 affects OpenSSL 1.0.0 (before 1.0.0p) and 1.0.1 (before 1.0.1k). The issue: a Diffie-Hellman (DH) certificate could be accepted for client authentication without requiring a CertificateVerify message, enabling remote attackers to obtain access without the private key via crafted TLS...

CVSS 5 | AI score 6.5 | EPSS 0.24626
Exploits 0 | References 36 | Affected Software 1

EUVD
added 2015/01/09 2:0 a.m. | 5 views

EUVD-2015-0242

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

CVSS 5 | AI score 6.2 | EPSS 0.24626
Exploits 0 | References 43

Cvelist
added 2015/01/09 2:0 a.m. | 22 views

CVE-2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...

AI score 5.8 | EPSS 0.24626
Exploits 0 | References 36

Tenable Nessus
added 2012/10/17 12:0 a.m. | 29 views

IBM Tivoli Directory Server TLS NULL Cipher (uncredentialed check)

The IBM Tivoli Directory Server hosted on the remote host supports TLS NULL-MD5 or NULL-SHA ciphers. This allows remote, unauthenticated attackers to trigger unencrypted communication via the TLS handshake protocol. Note that this version of Directory Server likely has other vulnerabilities i.e.,...

CVSS 6.4 | AI score 5.8 | EPSS 0.02311
Exploits 0 | References 2

seebug.org
added 2012/08/26 12:0 a.m. | 43 views

IBM WebSphere Application Server Remote Denial of Service Vulnerability

BUGTRAQ ID: 55185. CVE ID: CVE-2012-2190. IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in accordance with open standards. In IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, the IBM Global Security Kit used in IBM HTTP Server...

CVSS 5 | AI score 9 | EPSS 0.02371
Exploits 1

NVD
added 2012/08/21 10:46 a.m. | 23 views

CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message i...

CVSS 5 | AI score 6 | EPSS 0.02371
Exploits 1 | References 3

Prion
added 2012/08/21 10:46 a.m. | 34 views

Design/Logic Flaw

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message i...

CVSS 5 | AI score 6.6 | EPSS 0.02371
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2012/08/21 10:0 a.m. | 25 views

CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message i...

AI score 6 | EPSS 0.02371
Exploits 1 | References 3

Prion
added 2012/04/22 6:55 p.m. | 21 views

Default configuration

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol...

CVSS 6.4 | AI score 7 | EPSS 0.02311
Exploits 0 | References 7 | Affected Software 1