Lucene search
+L

357 matches found

UbuntuCve
UbuntuCve
added 2014/11/24 3:59 p.m.30 views

CVE-2014-8627

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

5CVSS6.3AI score0.0209EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/11/24 3:0 p.m.35 views

CVE-2014-8627

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

6.4AI score0.0209EPSS
Exploits0References3
OSV
OSV
added 2014/11/17 4:59 p.m.3 views

DEBIAN-CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7AI score0.01867EPSS
Exploits0References1
OSV
OSV
added 2014/11/17 4:59 p.m.5 views

UBUNTU-CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7.1AI score0.01867EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/11/17 4:59 p.m.28 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7.1AI score0.01867EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/11/17 4:0 p.m.103 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7.6AI score0.01867EPSS
Exploits0
CVE
CVE
added 2014/11/17 4:0 p.m.88 views

CVE-2014-5277

CVE-2014-5277 affects Docker before 1.3.1 and docker-py before 0.5.3, where fallbacks to HTTP occur if HTTPS to the registry fails. This enables man-in-the-middle downgrade attacks that can lead to exposure of authentication and image data when an attacker sits between the client and registry. Co...

5CVSS7.8AI score0.01867EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2014/11/17 12:0 a.m.2 views

PT-2014-6389 · Docker +1 · Docker +2

Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.3.1 docker-py versions prior to 0.5.3 Description: The issue allows man-in-the-middle attackers to conduct downgrade attacks. This can be achieved by leveraging a network position between the client and the registry...

10CVSS6.2AI score0.06452EPSS
Exploits1References45
Check Point Advisories
Check Point Advisories
added 2014/11/10 12:0 a.m.6 views

OpenSSL TLS Protocol Downgrade Attack (CVE-2014-3511)

OpenSSL allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server, even though both client and server support later TLS versions...

4.3CVSS4.3AI score0.13327EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2014/10/24 12:0 a.m.4 views

PT-2015-1696

Name of the Vulnerable Software and Affected Versions TLS protocol versions 1.2 and earlier Description The issue concerns a problem with the TLS protocol where a DHE EXPORT ciphersuite is enabled on a server but not on a client, allowing man-in-the-middle attackers to conduct cipher-downgrade...

4.3CVSS6.2AI score0.9986EPSS
Exploits1
ArchLinux
ArchLinux
added 2014/10/15 12:0 a.m.39 views

zeromq: Man-in-the-middle downgrade and replay attack

CVE-2014-7202 downgrade attack A bug in streamengine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 replay attack libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...

4.3CVSS6.1AI score0.02015EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2014/10/14 11:44 p.m.12 views

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer SSL 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most...

6.5AI score
Exploits0
OSV
OSV
added 2014/10/08 7:55 p.m.9 views

CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

9.1AI score
Exploits0References9
NVD
NVD
added 2014/10/08 7:55 p.m.22 views

CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

4.3CVSS6.2AI score0.02015EPSS
Exploits0References9
OSV
OSV
added 2014/10/08 7:55 p.m.6 views

DEBIAN-CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

4.3CVSS9AI score0.02015EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/10/08 7:55 p.m.26 views

CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

4.3CVSS7.2AI score0.02015EPSS
Exploits0References1
OSV
OSV
added 2014/10/08 7:55 p.m.5 views

UBUNTU-CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

4.3CVSS7.3AI score0.02015EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/10/08 7:0 p.m.28 views

CVE-2014-7202

streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

6.2AI score0.02015EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2014/08/13 9:32 p.m.4 views

openssl: TLS protocol downgrade attack

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions...

4.3CVSS6.6AI score0.13327EPSS
Exploits0References5
Kitploit
Kitploit
added 2014/08/08 2:44 a.m.33 views

Unicorn - Tool for using a PowerShell downgrade attack and inject shellcode straight into memory

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy TrustedSec and Josh Kelly at Defcon 18. Usage is simple, just run Magic...

7.9AI score
Exploits0References1
Rows per page
Query Builder