Lucene search
+L

191 matches found

OSV
OSV
added 2016/04/14 12:0 a.m.47 views

DSA-3548-2 samba - regression update

Bulletin has no description...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2016/04/13 12:0 a.m.53 views

Debian Security Advisory DSA 3548-1 (samba - security update)

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to deni...

6.8CVSS0.7AI score0.3693EPSS
Exploits2References1
OSV
OSV
added 2016/04/13 12:0 a.m.40 views

DSA-3548-1 samba - security update

Bulletin has no description...

7.5CVSS6.9AI score0.3693EPSS
Exploits0
Prion
Prion
added 2016/04/12 11:59 p.m.19 views

Design/Logic Flaw

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attacker...

5.8CVSS6.7AI score0.3693EPSS
Exploits0References6Affected Software3
OpenVAS
OpenVAS
added 2016/04/12 12:0 a.m.34 views

Debian: Security Advisory (DSA-3548-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.3693EPSS
Exploits0References6
NVD
NVD
added 2015/12/29 10:59 p.m.20 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4CVSS6.2AI score0.07263EPSS
Exploits0References25
OSV
OSV
added 2015/12/29 10:59 p.m.5 views

DEBIAN-CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4CVSS6.4AI score0.07263EPSS
Exploits0References1
OSV
OSV
added 2015/12/29 10:59 p.m.8 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4CVSS6.7AI score0.07263EPSS
Exploits0References37
Prion
Prion
added 2015/12/29 10:59 p.m.13 views

Code injection

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

4.3CVSS6.7AI score0.07263EPSS
Exploits0References25Affected Software3
Debian CVE
Debian CVE
added 2015/12/29 10:0 p.m.46 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4CVSS6.4AI score0.07263EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/12/16 12:0 a.m.35 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4CVSS6.8AI score0.07263EPSS
Exploits0References3
Prion
Prion
added 2015/11/24 8:59 p.m.15 views

Information disclosure

SAP Manufacturing Integration and Intelligence aka MII, formerly xMII uses weak encryption Base64 and DES, which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274...

5CVSS7AI score0.00968EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/11/24 8:0 p.m.20 views

CVE-2015-8329

SAP Manufacturing Integration and Intelligence aka MII, formerly xMII uses weak encryption Base64 and DES, which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274...

6.6AI score0.00968EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/10/05 12:0 a.m.241 views

F5 Networks BIG-IP : OpenSSL vulnerability (SOL16139) (FREAK)

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. C Tenable...

4.3CVSS7.4AI score0.98685EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2015/09/30 12:0 a.m.29 views

F5 BIG-IP - GnuTLS RSA PKCS signature vulnerability CVE-2015-0282

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

5CVSS7.3AI score0.01397EPSS
Exploits0References1
CVE
CVE
added 2015/08/20 10:0 a.m.70 views

CVE-2015-0535

Technical details about CVE-2015-0535 are not provided in the connected documents. Public information that is present covers FREAK generally and related CVEs, but does not specify affected products, versions, or fixes for this exact CVE. Monitor for updates.

7.5CVSS6.4AI score0.0106EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2015/08/20 10:0 a.m.91 views

CVE-2015-0533

CVE-2015-0533 concerns EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x prior to 4.0.8 and 4.1.x prior to 4.1.3, and RSA BSAFE SSL-C 2.8.9 and earlier. It allows remote SSL servers to perform an ECDHE-to-ECDH downgrade by omitting the ServerKeyExchange message, potentially harming forward secrecy. T...

7.5CVSS6.8AI score0.00801EPSS
Exploits2References2Affected Software2
Cvelist
Cvelist
added 2015/08/20 10:0 a.m.38 views

CVE-2015-0533

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-35...

6.1AI score0.00801EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2015/07/02 12:0 a.m.1568 views

HSTS Missing From HTTPS Server

The remote HTTPS server is not enforcing HTTP Strict Transport Security HSTS. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and...

5.6AI score
Exploits0References1
NVD
NVD
added 2015/06/03 8:59 p.m.19 views

CVE-2014-9721

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header...

4.3CVSS6.5AI score0.02529EPSS
Exploits0References5
Rows per page
Query Builder