Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-5161

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Nov, 2008 | 17:00
Updated At-07 Aug, 2024 | 10:40
Rejected At-
Credits

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Nov, 2008 | 17:00
Updated At:07 Aug, 2024 | 10:40
Rejected At:
▼CVE Numbering Authority (CNA)

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://openssh.org/txt/cbc.adv
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
vendor-advisory
x_refsource_SUNALERT
http://www.securityfocus.com/bid/32319
vdb-entry
x_refsource_BID
http://secunia.com/advisories/33121
third-party-advisory
x_refsource_SECUNIA
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
x_refsource_CONFIRM
http://osvdb.org/49872
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/33308
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2009-1287.html
vendor-advisory
x_refsource_REDHAT
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
x_refsource_MISC
http://www.securitytracker.com/id?1021382
vdb-entry
x_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
x_refsource_CONFIRM
http://osvdb.org/50036
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/32833
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36558
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/50035
vdb-entry
x_refsource_OSVDB
http://www.ssh.com/company/news/article/953/
x_refsource_CONFIRM
http://www.securitytracker.com/id?1021235
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/34857
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
x_refsource_MISC
http://support.attachmate.com/techdocs/2398.html
x_refsource_CONFIRM
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/3173
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/498579/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
vdb-entry
x_refsource_XF
http://secunia.com/advisories/32740
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1135
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/32760
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3184
vdb-entry
x_refsource_VUPEN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
http://www.securitytracker.com/id?1021236
vdb-entry
x_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=125017764422557&w=2
vendor-advisory
x_refsource_HP
http://isc.sans.org/diary.html?storyid=5366
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
vendor-advisory
x_refsource_APPLE
http://marc.info/?l=bugtraq&m=125017764422557&w=2
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2008/3409
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/3172
vdb-entry
x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/archive/1/498558/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/958563
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://openssh.org/txt/cbc.adv
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.securityfocus.com/bid/32319
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/33121
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/49872
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/33308
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-1287.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id?1021382
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10163
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/50036
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/32833
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36558
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/50035
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.ssh.com/company/news/article/953/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1021235
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/34857
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
Resource:
x_refsource_MISC
Hyperlink: http://support.attachmate.com/techdocs/2398.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2008/3173
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/498579/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/32740
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1135
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/32760
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1021236
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10106
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=125017764422557&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://isc.sans.org/diary.html?storyid=5366
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://marc.info/?l=bugtraq&m=125017764422557&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2008/3409
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2008/3172
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/archive/1/498558/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://support.apple.com/kb/HT3937
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/958563
Resource:
third-party-advisory
x_refsource_CERT-VN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://openssh.org/txt/cbc.adv
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.securityfocus.com/bid/32319
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/33121
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
x_refsource_CONFIRM
x_transferred
http://osvdb.org/49872
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/33308
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2009-1287.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id?1021382
vdb-entry
x_refsource_SECTRACK
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
x_refsource_CONFIRM
x_transferred
http://osvdb.org/50036
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/32833
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36558
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/50035
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.ssh.com/company/news/article/953/
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1021235
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/34857
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
x_refsource_MISC
x_transferred
http://support.attachmate.com/techdocs/2398.html
x_refsource_CONFIRM
x_transferred
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2008/3173
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/498579/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/32740
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1135
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/32760
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/3184
vdb-entry
x_refsource_VUPEN
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1021236
vdb-entry
x_refsource_SECTRACK
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=125017764422557&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://isc.sans.org/diary.html?storyid=5366
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://marc.info/?l=bugtraq&m=125017764422557&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2008/3409
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2008/3172
vdb-entry
x_refsource_VUPEN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/archive/1/498558/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/958563
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://openssh.org/txt/cbc.adv
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/32319
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/33121
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/49872
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/33308
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-1287.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021382
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10163
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/50036
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/32833
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36558
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/50035
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.ssh.com/company/news/article/953/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021235
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/34857
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://support.attachmate.com/techdocs/2398.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/3173
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/498579/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/32740
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1135
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/32760
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021236
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10106
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=125017764422557&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://isc.sans.org/diary.html?storyid=5366
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=125017764422557&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/3409
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/3172
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/498558/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://support.apple.com/kb/HT3937
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/958563
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Nov, 2008 | 17:30
Updated At:11 Oct, 2018 | 20:54

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.6LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE Matches
OpenBSD
openbsd
>>openssh>>4.7p1
cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.0
cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.0.1
cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.0.3
cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.0.4
cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.0.5
cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.2
cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.2.1
cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3
cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.1
cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.1j
cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.2
cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.2j
cpe:2.3:a:ssh:tectia_client:4.3.2j:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.3
cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.4
cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.5
cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.6
cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.7
cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.8k
cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.3.9k
cpe:2.3:a:ssh:tectia_client:4.3.9k:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4
cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.1
cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.2
cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.3
cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.4
cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.6
cpe:2.3:a:ssh:tectia_client:4.4.6:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.7
cpe:2.3:a:ssh:tectia_client:4.4.7:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.8
cpe:2.3:a:ssh:tectia_client:4.4.8:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.9
cpe:2.3:a:ssh:tectia_client:4.4.9:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.10
cpe:2.3:a:ssh:tectia_client:4.4.10:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>4.4.11
cpe:2.3:a:ssh:tectia_client:4.4.11:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.0
cpe:2.3:a:ssh:tectia_client:5.0.0:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.0f
cpe:2.3:a:ssh:tectia_client:5.0.0f:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.1
cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.1f
cpe:2.3:a:ssh:tectia_client:5.0.1f:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.2
cpe:2.3:a:ssh:tectia_client:5.0.2:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.2f
cpe:2.3:a:ssh:tectia_client:5.0.2f:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.3
cpe:2.3:a:ssh:tectia_client:5.0.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.0.3f
cpe:2.3:a:ssh:tectia_client:5.0.3f:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.1.0
cpe:2.3:a:ssh:tectia_client:5.1.0:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.1.1
cpe:2.3:a:ssh:tectia_client:5.1.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.1.2
cpe:2.3:a:ssh:tectia_client:5.1.2:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.1.3
cpe:2.3:a:ssh:tectia_client:5.1.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.2.0
cpe:2.3:a:ssh:tectia_client:5.2.0:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.2.1
cpe:2.3:a:ssh:tectia_client:5.2.1:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.2.2
cpe:2.3:a:ssh:tectia_client:5.2.2:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.2.3
cpe:2.3:a:ssh:tectia_client:5.2.3:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.2.4
cpe:2.3:a:ssh:tectia_client:5.2.4:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.3.0
cpe:2.3:a:ssh:tectia_client:5.3.0:*:*:*:*:*:*:*
ssh
ssh
>>tectia_client>>5.3.1
cpe:2.3:a:ssh:tectia_client:5.3.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
http://securitytracker.com/alerts/2008/Nov/1021235.html CBC mode connections are affected
Evaluator Impact

Evaluator Solution

With a valid username and password patches are available at the following link: https://downloads.ssh.com/

Vendor Statements
Organization : Red Hat
Last Modified : 2009-09-02T00:00:00

This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1287.html After reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time.

References
HyperlinkSourceResource
http://isc.sans.org/diary.html?storyid=5366cve@mitre.org
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=125017764422557&w=2cve@mitre.org
N/A
http://openssh.org/txt/cbc.advcve@mitre.org
N/A
http://osvdb.org/49872cve@mitre.org
N/A
http://osvdb.org/50035cve@mitre.org
N/A
http://osvdb.org/50036cve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2009-1287.htmlcve@mitre.org
N/A
http://secunia.com/advisories/32740cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32760cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32833cve@mitre.org
N/A
http://secunia.com/advisories/33121cve@mitre.org
N/A
http://secunia.com/advisories/33308cve@mitre.org
N/A
http://secunia.com/advisories/34857cve@mitre.org
N/A
http://secunia.com/advisories/36558cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1cve@mitre.org
N/A
http://support.apple.com/kb/HT3937cve@mitre.org
N/A
http://support.attachmate.com/techdocs/2398.htmlcve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htmcve@mitre.org
N/A
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txtcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/958563cve@mitre.org
US Government Resource
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/498558/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/498579/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/32319cve@mitre.org
N/A
http://www.securitytracker.com/id?1021235cve@mitre.org
N/A
http://www.securitytracker.com/id?1021236cve@mitre.org
N/A
http://www.securitytracker.com/id?1021382cve@mitre.org
N/A
http://www.ssh.com/company/news/article/953/cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2008/3172cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/3173cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/3409cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1135cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/3184cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620cve@mitre.org
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667cve@mitre.org
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10106cve@mitre.org
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10163cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279cve@mitre.org
N/A
Hyperlink: http://isc.sans.org/diary.html?storyid=5366
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=125017764422557&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://openssh.org/txt/cbc.adv
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/49872
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/50035
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/50036
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-1287.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32740
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32760
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32833
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33121
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33308
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/34857
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36558
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3937
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.attachmate.com/techdocs/2398.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/958563
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/498558/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/498579/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/32319
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021235
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021236
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021382
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ssh.com/company/news/article/953/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/3172
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/3173
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/3409
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1135
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10106
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10163
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

160Records found
CVE-2011-3253
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.6||LOW
EPSS-0.12% / 32.11%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-22898
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-3.1||LOW
EPSS-0.11% / 30.58%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:49
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationSiemens AGSplunk LLC (Cisco Systems, Inc.)CURLFedora Project
Product-sinec_infrastructure_network_servicescommunications_cloud_native_core_service_communication_proxyuniversal_forwarderdebian_linuxcommunications_cloud_native_core_network_slice_selection_functionessbasecommunications_cloud_native_core_network_function_cloud_native_environmentfedoracommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_binding_support_functioncurlmysql_serverhttps://github.com/curl/curl
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2024-4596
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 15:31
Updated-01 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kimai Session information disclosure

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-n/a
Product-Kimai
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-3689
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 14:31
Updated-20 Aug, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zhejiang Land Zongheng Network Technology O2OA information disclosure

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Zhejiang Land Zongheng Network Technologyzhejiang_land_zongheng_network_technology
Product-O2OAo2oa
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11791
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-15.44% / 94.39%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1chakracorewindows_rt_8.1edgewindows_10internet_explorerChakraCore, Microsoft Edge, Internet Explorer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0536
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0531
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.28% / 51.28%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0586
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10294
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0701
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-23.87% / 95.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found