268 matches found
CVE-2024-38148
Windows Secure Channel Denial of Service Vulnerability...
CVE-2024-38148 Windows Secure Channel Denial of Service Vulnerability
...
CVE-2024-38148
CVE-2024-38148 is documented in the provided connected documents as a Windows Schannel/ Transport Layer Security denial-of-service vulnerability (CVSS v3.1 base score 7.5, NETWORK attack vector, no user interaction). The associated impacts in the sources indicate a DoS condition affecting Windows...
Windows Secure Channel Denial of Service Vulnerability
...
Microsoft Windows Secure Channel 安全漏洞
Microsoft Windows Secure Channel is a Security Support Provider SSP from Microsoft Corporation USA that contains a set of security protocols that provide authentication and secure, private communications through encryption. A security vulnerability exists in Microsoft Windows Secure Channel. An...
PT-2024-5644
Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description An issue exists within the Windows Secure Channel Schannel component that can lead to a denial-of-service condition. Exploitation of this issue may allow a remote attacker to cause a...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
CLSA-2024-1707420378 Fix CVE(s): CVE-2023-48795
SECURITY UPDATE: it's possible to remove the initial messages on the secure channel without causing a MAC failure - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd - CVE-2023-48795...
Fedora: Security Advisory (FEDORA-2024-7e301327c2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)
A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...
GO-2023-2402 Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto
A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this atta...
Windows Hello fingerprint authentication can be bypassed on popular laptops
Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Microsoft’s Offensive Research and Security Engineering MORSE asked the researchers to evaluate the security of the top three...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
samba security update
An update is available for samba. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
RHEL 9 : samba (RHSA-2023:2137)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2137 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allo...
Important: samba security update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and...
The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure
The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the Windows Secure Channel component in Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Windows Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially created data...