Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

diffie-hellman key exchange project diffie-hellman key exchange - vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2022-40735
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgro...
Diffie-hellman Key Exchange Project Diffie-hellman Key Exchange -
7.3
CVSSv3
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, allows remote malicious users to cause a denial of service or possibly have unspecified other impact b...
Mozilla FirefoxMozilla Network Security Services
3.7
CVSSv3
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 prior to 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote malicious users to discover a private DH exponent by making multiple ha...
Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl Openssl 1.0.2d
3.7
CVSSv3
CVE-2015-4000
The TLS protocol 1.2 and previous versions, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle malicious users to conduct cipher-downgrade attacks by rewriting a ClientHello with D...
Openssl OpensslCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04Hp Hp-ux B.11.31Ibm Content Manager 8.5Oracle Jrockit R28.3.6Debian Debian Linux 8.0Debian Debian Linux 7.0Oracle Jdk 1.8.0Oracle Jre 1.7.0Oracle Jre 1.6.0Oracle Jre 1.8.0Oracle Jdk 1.7.0Oracle Jdk 1.6.0Suse Linux Enterprise Server 11.0Suse Linux Enterprise Software Development Kit 12Suse Linux Enterprise Desktop 12Suse Suse Linux Enterprise Server 12Apple Mac Os XApple Iphone Os
NA
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
NA
CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL up to and including 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote malicious users to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL conn...
Openssl OpensslMariadb MariadbFedoraproject Fedora 20Fedoraproject Fedora 19Suse Linux Enterprise Server 12Suse Linux Enterprise Software Development Kit 12Suse Linux Enterprise Desktop 12Suse Linux Enterprise Workstation Extension 12
NA
CVE-2010-3173
The SSL implementation in Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for r...
Mozilla Firefox 3.6Mozilla Firefox 3.6.8Mozilla Firefox 3.6.2Mozilla Firefox 3.6.10Mozilla Firefox 3.6.9Mozilla Firefox 3.6.6Mozilla Firefox 3.6.7Mozilla Firefox 3.6.3Mozilla Firefox 3.6.4Mozilla Seamonkey 1.0.3Mozilla Seamonkey 1.0.4Mozilla Seamonkey 1.0.5Mozilla Seamonkey 1.1.10Mozilla Seamonkey 1.0Mozilla Seamonkey 1.1.16Mozilla Seamonkey 1.1.17Mozilla Seamonkey 1.1.7Mozilla Seamonkey 1.1.8Mozilla Seamonkey 2.0Mozilla Seamonkey 2.0.1Mozilla Seamonkey 1.0.6Mozilla Seamonkey 1.0.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook