16 matches found

EUVD
added 2026/04/08 6:34 p.m., 1 views

EUVD-2026-20503

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. The configuration supports integrity algorithms NIA1 and NIA2, but if a UE sends an initial registration request with only security capability IA0, OpenAirInterface accepts it and proceeds. This downgrade security context c...

5.9 AI score, 0.00015 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/04/08 12:0 a.m., 0 views

PT-2026-31326

Name of the Vulnerable Software and Affected Versions: OpenAirInterface version 2.2.0. Description: OpenAirInterface version 2.2.0 allows Security Mode Complete without integrity protection. Despite supporting integrity protection configurations NIA1 and NIA2, the system accepts initial registration...

7.5 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/05/23 7:46 a.m., 2 views

CVE-2024-28067

A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext...

5.3 CVSS, 6.9 AI score, 0.00721 EPSS
Exploits: 0, References: 1

NVD
added 2025/04/10 2:15 a.m., 19 views

CVE-2025-29989

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial...

4.4 CVSS, 0.00101 EPSS
Exploits: 0, References: 1

OSV
added 2024/01/18 5:55 p.m., 4 views

USN-6589-1 filezilla vulnerability

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information...

5.9 CVSS, 6.7 AI score, 0.54214 EPSS
Exploits: 3, References: 2

OpenVAS
added 2023/12/20 12:0 a.m., 34 views

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

The remote SSH server is supporting a specific encryption algorithm or MAC. Parts of their SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack...

5.9 CVSS, 6.9 AI score, 0.54214 EPSS
Exploits: 3, References: 5

Vulnrichment
added 2022/06/09 12:0 a.m., 7 views

CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

7.5 CVSS, 7.5 AI score, 0.01454 EPSS
Exploits: 0, References: 5

IBM Security Bulletins
added 2021/06/25 4:46 p.m., 39 views

Security Bulletin: Vulnerabilities in OpenSSL affect GPFS V3.5 for Windows (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs...

5 CVSS, 7.3 AI score, 0.91945 EPSS
Exploits: 0, Affected Software: 1

RedHat Linux
added 2021/01/18 4:23 p.m., 3 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1 CVSS, 7.1 AI score, 0.00359 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2021/01/18 4:22 p.m., 1 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1 CVSS, 7.1 AI score, 0.00359 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2021/01/18 10:2 a.m., 1 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1 CVSS, 7.1 AI score, 0.00359 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2020/12/22 8:55 a.m., 1 views

postgresql: Reconnection can downgrade connection security settings

A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...

8.1 CVSS, 7.1 AI score, 0.00359 EPSS
Exploits: 0, References: 5

OSV
added 2019/03/21 3:59 p.m., 1 views

CVE-2016-9166

NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

IBM Security Bulletins
added 2019/01/31 1:45 a.m., 46 views

Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204)

Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module (IMM). IMM has addressed the applicable CVEs...

5 CVSS, 0.4 AI score, 0.91945 EPSS
Exploits: 0

CNVD
added 2017/09/08 12:0 a.m., 2 views

Google Chrome HTTPS Security Downgrade Vulnerability

Google Chrome is an open source web browser. Google Chrome has a security vulnerability that allows remote attackers to exploit the vulnerability to submit special requests, weakening the security protections of HTTPS...

6.5 CVSS, 6.7 AI score, 0.00869 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2016/04/12 12:0 a.m., 42 views

Samba 4.2.x < 4.2.10 Multiple Vulnerabilities (Badlock)

7.5 CVSS, 7 AI score, 0.78522 EPSS
Exploits: 1, References: 18