
30 matches found

Tenable Nessus
added 2026/06/05 12:0 a.m., 6 views

Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...

6.5 CVSS, 5.5 AI score, 0.00266 EPSS
Exploits: 0, References: 2

OSV
added 2026/02/20 3:16 a.m., 4 views

DEBIAN-CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 5.3 AI score, 0.00268 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/02/20 3:16 a.m., 3 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 5.7 AI score, 0.00268 EPSS
Exploits: 0, References: 5

Debian CVE
added 2026/02/20 2:50 a.m., 5 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 5.3 AI score, 0.00268 EPSS
Exploits: 0

Vulnrichment
added 2026/02/20 2:50 a.m., 2 views

CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 5.5 AI score, 0.00268 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/02/20 2:50 a.m., 25 views

CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 0.00268 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/02/20 2:50 a.m., 6 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 5.5 AI score, 0.00268 EPSS
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2026/02/20 2:50 a.m., 25 views

CVE-2026-26994

The CVE-2026-26994 issue affects uTLS (a fork of crypto/tls) where versions 1.6.7 and earlier fail to implement TLS 1.3 downgrade protection as per RFC 8446 4.1.3 when using a uTLS ClientHello spec. An active network attacker could downgrade a TLS 1.3 handshake to a lower version (e.g., 1.2) by o...

6.5 CVSS, 5.5 AI score, 0.00268 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/02/20 2:50 a.m., 7 views

CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5 CVSS, 5.4 AI score, 0.00268 EPSS
Exploits: 0, References: 6

CNNVD
added 2026/02/20 12:0 a.m., 8 views

uTLS Security Vulnerability

uTLS is an open-source Go language codebase developed by Refraction Networking. Versions of uTLS 1.6.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of a TLS 1.3 downgrade protection mechanism, which could lead to connection downgrade attacks...

6.5 CVSS, 5.8 AI score, 0.00268 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 9:29 a.m., 4 views

CVE-2023-50738

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified...

4.3 CVSS, 6.8 AI score, 0.00267 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/12/12 12:0 a.m., 3 views

Zoom Rooms < 6.6.0 Vulnerability (ZSB-25050)

The version of Zoom Rooms installed on the remote host is prior to 6.6.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25050 advisory. - Software downgrade protection failure allows unauthenticated privilege escalation via local access. CVE-2025-67460...

7.8 CVSS, 5.5 AI score, 0.00136 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/12/11 8:53 p.m., 4 views

CVE-2025-67460

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

7.8 CVSS, 7.2 AI score, 0.00136 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/10 9:16 p.m., 4 views

CVE-2025-67460

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

7.8 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 2025/12/10 9:16 p.m., 5 views

CVE-2025-67460

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

7.8 CVSS, 0.00136 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/10 8:37 p.m., 17 views

CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

7.8 CVSS, 0.00136 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/12/10 8:37 p.m., 3 views

CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

7.8 CVSS, 6.8 AI score, 0.00136 EPSS
Exploits: 0, References: 1

CVE
added 2025/12/10 8:37 p.m., 14 views

CVE-2025-67460

CVE-2025-67460 affects Zoom Rooms for Windows prior to 6.6.0. The issue is a Protection Mechanism Failure of Software Downgrade, allowing an unauthenticated user with local access to escalate privileges. The vulnerability is scoped to the Windows version; CVSS v3.1 base score is 7.8 (HIGH) with ...

7.8 CVSS, 6.8 AI score, 0.00136 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/12/10 12:0 a.m., 4 views

Zoom Rooms for Windows Security Vulnerability

Zoom Rooms for Windows is a conference room software from Zoom USA. A security vulnerability exists in Zoom Rooms for Windows prior to version 6.6.0, which stems from a failure in the software's downgrade protection mechanism and could lead to elevation of privilege via local access by an...

7.8 CVSS, 6.6 AI score, 0.00136 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/11/07 12:0 a.m., 3 views

Lexmark Printers Improper Validation of Integrity Check Value (CVE-2023-50738)

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. Lexmark documentation recommends that access to the Firmware Updates be restricted to trusted personnel...

4.3 CVSS, 5.2 AI score, 0.00267 EPSS
Exploits: 0, References: 2