30 matches found
Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...
DEBIAN-CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994
The CVE-2026-26994 issue affects uTLS (a fork of crypto/tls) where versions 1.6.7 and earlier fail to implement TLS 1.3 downgrade protection as per RFC 8446 4.1.3 when using a uTLS ClientHello spec. An active network attacker could downgrade a TLS 1.3 handshake to a lower version (e.g., 1.2) by o...
CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
uTLS 安全漏洞
uTLS is an open-source Go language codebase developed by Refraction Networking. Versions of uTLS 1.6.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of a TLS 1.3 downgrade protection mechanism, which could lead to connection downgrade attacks...
CVE-2023-50738
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified...
Zoom Rooms< 6.6.0 Vulnerability (ZSB-25050)
"The version of Zoom Rooms installed on the remote host is prior to 6.6.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25050 advisory. - Software downgrade protection failure allows unauthenticated privilege escalation via local access.CVE-2025-67460 %NASLMINLEVEL 80900...
CVE-2025-67460
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...
CVE-2025-67460
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...
CVE-2025-67460
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...
CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...
CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...
CVE-2025-67460
CVE-2025-67460 affects Zoom Rooms for Windows prior to 6.6.0. The issue is a Protection Mechanism Failure of Software Downgrade , allowing an unauthenticated user with local access to escalate privileges. The vulnerability is scoped to the Windows version; CVSS v3.1 base score is 7.8 (HIGH) with ...
Zoom Rooms for Windows 安全漏洞
Zoom Rooms for Windows is a conference room software from Zoom USA. A security vulnerability exists in Zoom Rooms for Windows prior to version 6.6.0, which stems from a failure in the software's downgrade protection mechanism and could lead to elevation of privilege via local access by an...
Lexmark Printers Improper Validation of Integrity Check Value (CVE-2023-50738)
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. Lexmark documentation recommends that access to the Firmware Updates be restricted to trusted personnel. %NASLMINLEVEL 80900 C Tenable, Inc...