Lucene search
+L

191 matches found

CNVD
CNVD
added 2020/03/25 12:0 a.m.5 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32870)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by attackers to perform downgrade and/or dictionary attacks...

5.4CVSS6.6AI score0.00121EPSS
Exploits0References1
NVD
NVD
added 2020/01/14 5:15 p.m.29 views

CVE-2014-2271

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java...

8.1CVSS8.2AI score0.01508EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/01/14 4:7 p.m.24 views

CVE-2014-2271

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java...

8.2AI score0.01508EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/01/09 7:4 p.m.114 views

Exploit Fully Breaks SHA-1, Lowers the Attack Bar

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 SHA-1 code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by...

7.1AI score
Exploits0References7
Hacker One
Hacker One
added 2019/11/24 10:24 a.m.158 views

Internet Bug Bounty: Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd

Full background information is at our website and detailed information can be found in our research paper. Vulnerability Summary First Disclosure Summarized, the Dragonfly handshake of WPA3 and EAP-pwd is supposed to prevent dictionary attacks. However, we discovered design flaws that still enabl...

7.5CVSS8AI score0.07624EPSS
Exploits1
Prion
Prion
added 2019/07/16 6:15 p.m.26 views

Design/Logic Flaw

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol...

5CVSS7.3AI score0.01932EPSS
Exploits0References4Affected Software2
The Hacker News
The Hacker News
added 2019/04/10 6:30 p.m.4 views

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi...

5.9CVSS6.8AI score0.03739EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/04/10 6:30 p.m.747 views

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi...

5.9CVSS0.6AI score0.03739EPSS
Exploits0
OpenVAS
OpenVAS
added 2019/02/26 12:0 a.m.9 views

Linux: MAC algorithms

This variable limits the types of MAC algorithms that SSH can use during communication. MD5 and 96-bit MAC algorithms are considered weak and have been shown to increase exploitability in SSH downgrade attacks. Weak algorithms continue to have a great deal of attention as a weak spot that can be...

5.8AI score
Exploits0References6
OSV
OSV
added 2019/01/03 4:29 p.m.12 views

CVE-2018-16870

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...

5.9CVSS6.7AI score
Exploits0References2
Debian CVE
Debian CVE
added 2019/01/03 4:0 p.m.23 views

CVE-2018-16870

It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data...

5.9CVSS3.2AI score0.01585EPSS
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/08/30 9:19 a.m.42 views

Smart Lock Security: Interview with hardware.io

In advance of the hardware.io event at The Hague next month Andrew Tierney gave them an interview about smart lock security… Technology today has transformed the traditional locks to smart locks. Thanks to the advancement in the technical frontier. The days of the mechanical lock and keys has...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2018/05/25 7:27 p.m.16 views

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

The popular home automation protocol Z-Wave, used by millions of IoT devices, is vulnerable to a downgrade attack that could allow an adversary to take control of targeted devices, according to researchers. Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in...

0.4AI score
Exploits0References3
Prion
Prion
added 2018/01/08 7:29 p.m.29 views

Design/Logic Flaw

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

5CVSS6.9AI score0.98685EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2018/01/08 7:0 p.m.99 views

CVE-2015-2319

CVE-2015-2319: Mono’s TLS stack vulnerability (pre-3.12.1) facilitates cipher-downgrade to EXPORT_RSA ciphers via crafted TLS traffic, related to the FREAK issue. The advisory notes this is a distinct issue from CVE-2015-0204. Affected product: Mono TLS up to version 3.12.0; fix is to upgrade to ...

7.5CVSS6.3AI score0.03152EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2018/01/08 7:0 p.m.36 views

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

6.4AI score0.03152EPSS
Exploits0References8
OSV
OSV
added 2017/09/29 1:34 a.m.9 views

CVE-2015-1027

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the...

5.9CVSS6.4AI score0.01195EPSS
Exploits1References4
Cvelist
Cvelist
added 2017/09/28 7:0 p.m.21 views

CVE-2015-1027

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the...

5.6AI score0.01195EPSS
Exploits1References2
n0where
n0where
added 2017/06/19 4:38 p.m.23 views

Automated ettercap TCP/IP Hijacking Tool: Morpheus

morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the tcp/udp packet contents by our contents befor forward the packet back to the target host… workflow: 1. attacker - arp poison local lan mit...

0.8AI score
Exploits0References1
OSV
OSV
added 2017/06/06 4:29 p.m.6 views

CVE-2017-5243

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the...

8.5CVSS5.8AI score0.00507EPSS
Exploits0References1
Rows per page
Query Builder