Redhat » Enterprise Linux : Security Vulnerabilities, CVEs, Published In April 2016 (Information Leak)
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
Max CVSS
5.9
EPSS Score
0.39%
Published
2016-04-13
Updated
2017-12-09
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
Max CVSS
6.5
EPSS Score
0.05%
Published
2016-04-13
Updated
2019-08-13
2 vulnerabilities found