Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
diffie-hellman key exchange project diffie-hellman key exchange - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-40735
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgro...
Diffie-hellman Key Exchange Project Diffie-hellman Key Exchange -
7.3
CVSSv3
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, allows remote malicious users to cause a denial of service or possibly have unspecified other impact b...
Mozilla Firefox
Mozilla Network Security Services
3.7
CVSSv3
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 prior to 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote malicious users to discover a private DH exponent by making multiple ha...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2d
1 Article
3.7
CVSSv3
CVE-2015-4000
The TLS protocol 1.2 and previous versions, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle malicious users to conduct cipher-downgrade attacks by rewriting a ClientHello with D...
Openssl Openssl
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Hp Hp-ux B.11.31
Ibm Content Manager 8.5
Oracle Jrockit R28.3.6
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Oracle Jdk 1.8.0
Oracle Jre 1.7.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Suse Linux Enterprise Server 11.0
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Suse Linux Enterprise Server 12
Apple Mac Os X
Apple Iphone Os
1 Nmap script
4 Github repositories
1 Article
NA
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
NA
CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL up to and including 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote malicious users to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL conn...
Openssl Openssl
Mariadb Mariadb
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Workstation Extension 12
1 Article
NA
CVE-2010-3173
The SSL implementation in Mozilla Firefox prior to 3.5.14 and 3.6.x prior to 3.6.11, Thunderbird prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey prior to 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for r...
Mozilla Firefox 3.6
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.9
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.4
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0.5
Mozilla Seamonkey 1.1.10
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.1.16
Mozilla Seamonkey 1.1.17
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 1.1.8
Mozilla Seamonkey 2.0
Mozilla Seamonkey 2.0.1
Mozilla Seamonkey 1.0.6
Mozilla Seamonkey 1.0.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started