26 matches found
CLSA-2026-1777310722 openldap: Fix of 15 CVEs
CVE-2019-13565: SASL session encryption SSF not reset on new connection, allowing downgrade - CVE-2020-12243: slapd crash via deeply nested LDAP search filter boolean expressions - CVE-2020-25692: NULL pointer dereference in slapd during modRDN request - CVE-2020-25709: slapd assertion failure...
GHSA-82FM-WPC2-5PMP Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...
CVE-2026-32309
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...
CVE-2026-32309
Cryptomator (hub-based unlock flow) is affected prior to version 1.19.1. The vault metadata may drive OAuth and key-loading traffic over plaintext HTTP or insecure endpoint schemes instead of HTTPS, enabling a network attacker to observe or tamper with traffic. Bearer tokens and endpoint-level tr...
AMD Processors 安全漏洞
AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, which stem from improper lockpick protection measures. These vulnerabilities may lead to firmware downgrades and loss of integrity. The following produc...
SUSE SLES15 Security Update : gpg2 (SUSE-SU-2026:0214-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0214-1 advisory. - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. Error out on unverified output for non-detached signatures...
SUSE-SU-2026:0214-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. - Error out on unverified output for non-detached signatures...
Alibaba Cloud Linux 3 : 0199: curl (ALINUX3-SA-2025:0199)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0199 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9086: 1. A cookie is set using the secure...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-2382)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...
CVE-2025-59270
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...
CVE-2025-59270 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...
Debian dla-4290 : python3-h2 - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4290 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4290-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-6529
The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...
USN-6561-1 libssh vulnerability
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
CVE-2023-20082
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability CVE-2013-20003 to intercept and spoof traffic...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...