268 matches found

OSV
added 2024/08/13 6:15 p.m. | 1 views

CVE-2024-38148

Windows Secure Channel Denial of Service Vulnerability...

7.5 CVSS | 5.8 AI score | 0.31809 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/08/13 5:30 p.m. | 33 views

CVE-2024-38148 Windows Secure Channel Denial of Service Vulnerability

...

7.5 CVSS | 6.9 AI score | 0.31809 EPSS
Exploits 0 | References 1

CVE
added 2024/08/13 5:30 p.m. | 89 views

CVE-2024-38148

CVE-2024-38148 is documented in the provided connected documents as a Windows Schannel/Transport Layer Security denial-of-service vulnerability (CVSS v3.1 base score 7.5, NETWORK attack vector, no user interaction). The associated impacts in the sources indicate a DoS condition affecting Windows...

7.5 CVSS | 7.5 AI score | 0.31809 EPSS
Exploits 0 | References 1 | Affected Software 6

Microsoft CVE
added 2024/08/13 7:00 a.m. | 24 views

Windows Secure Channel Denial of Service Vulnerability

...

7.5 CVSS | 7.1 AI score | 0.31809 EPSS
Exploits 0

CNNVD
added 2024/08/13 12:00 a.m. | 3 views

Microsoft Windows Secure Channel Security Vulnerability

Microsoft Windows Secure Channel is a Security Support Provider (SSP) from Microsoft Corporation (USA) that contains a set of security protocols that provide authentication and secure, private communications through encryption. A security vulnerability exists in Microsoft Windows Secure Channel. An...

7.5 CVSS | 6.3 AI score | 0.31809 EPSS
Exploits 0 | References 2

Positive Technologies
added 2024/08/13 12:00 a.m. | 2 views

PT-2024-5644

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: An issue exists within the Windows Secure Channel (Schannel) component that can lead to a denial-of-service condition. Exploitation of this issue may allow a remote attacker to cause a...

7.8 CVSS | 6.4 AI score | 0.31809 EPSS
Exploits 0 | References 12

RedHat Linux
added 2024/05/22 8:40 p.m. | 9 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9 CVSS | 6.7 AI score | 0.9378 EPSS
Exploits 4 | References 6

OSV
added 2024/02/08 7:26 p.m. | 6 views

CLSA-2024-1707420378 Fix CVE(s): CVE-2023-48795

SECURITY UPDATE: it's possible to remove the initial messages on the secure channel without causing a MAC failure - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd - CVE-2023-48795...

5.9 CVSS | 7 AI score | 0.9378 EPSS
Exploits 4 | References 1

OpenVAS
added 2024/01/18 12:00 a.m. | 36 views

Fedora: Security Advisory (FEDORA-2024-7e301327c2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 6.7 AI score | 0.9378 EPSS
Exploits 11 | References 2

RedHat Linux
added 2024/01/10 6:19 p.m. | 3 views

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to stea...

8.7 CVSS | 5.8 AI score | 0.0118 EPSS
Exploits 0 | References 5

OSV
added 2023/12/18 9:18 p.m. | 49 views

GO-2023-2402 Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this atta...

5.9 CVSS | 6.4 AI score | 0.9378 EPSS
Exploits 4 | References 5

Malwarebytes
added 2023/11/24 7:36 p.m. | 31 views

Windows Hello fingerprint authentication can be bypassed on popular laptops

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Microsoft’s Offensive Research and Security Engineering (MORSE) asked the researchers to evaluate the security of the top three...

7.7 AI score
Exploits 0

RedHat Linux
added 2023/06/06 2:14 p.m. | 6 views

samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...

8.1 CVSS | 6.5 AI score | 0.02559 EPSS
Exploits 0 | References 5

Rockylinux
added 2023/05/05 3:41 p.m. | 36 views

samba security update

An update is available for samba. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Samba is an open-source implementation of the Server Message Block (SMB) protocol...

8.1 CVSS | 8.2 AI score | 0.02559 EPSS
Exploits 0

RedHat Linux
added 2023/05/04 7:40 p.m. | 5 views

samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...

8.1 CVSS | 6.5 AI score | 0.02559 EPSS
Exploits 0 | References 5

RedHat Linux
added 2023/05/04 6:40 p.m. | 2 views

samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...

8.1 CVSS | 6.5 AI score | 0.02559 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2023/05/04 12:00 a.m. | 33 views

RHEL 9 : samba (RHSA-2023:2137)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2137 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allo...

8.1 CVSS | 7 AI score | 0.02559 EPSS
Exploits 0 | References 4

AlmaLinux
added 2023/05/04 12:00 a.m. | 47 views

Important: samba security update

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and...

8.1 CVSS | 8.2 AI score | 0.02559 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2023/04/25 12:00 a.m. | 4 views

The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure

The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8 CVSS | 7.3 AI score | 0.01731 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2023/04/25 12:00 a.m. | 4 views

The vulnerability of the Windows Secure Channel component in Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Windows Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially created data...

7.8 CVSS | 7.3 AI score | 0.02026 EPSS
Exploits 0 | References 3