Lucene search
K

210 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/08 2:33 a.m.5 views

The Bank of Tokyo-Mitsubishi UFJ for Android vulnerable to SSL/TLS downgrade attack

Overview The Bank of Tokyo-Mitsubishi UFJ for Android may be exploited by SSL/TLS downgrade attack. The Bank of Tokyo-Mitsubishi UFJ for Android provided by The Bank of Tokyo-Mitsubishi UFJ, Ltd. tries to communicate with a server via TLS v1.2. However, when a response from the server indicates S...

4.3CVSS6.5AI score0.00816EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/08/30 12:0 a.m.54 views

F5 Networks BIG-IP : Samba vulnerabilities (K53313971)

CVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryptio...

5.9CVSS6.9AI score0.10232EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2016/08/01 1:54 p.m.13 views

Google Adds New Layer of Security to Domain: Adds HSTS

Google is adding HTTP Strict Transport Security or HSTS to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection. By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS...

7AI score
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2016/05/12 12:0 a.m.79 views

F5 Networks BIG-IP : Samba vulnerabilities (K37603172) (Badlock)

CVE-2015-5370 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitra...

7.5CVSS7.3AI score0.3693EPSS
Exploits0References3
NVD
NVD
added 2016/04/25 12:59 a.m.16 views

CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

5.9CVSS6.6AI score0.09345EPSS
Exploits0References37
OSV
OSV
added 2016/04/25 12:59 a.m.5 views

CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

5.9CVSS7.3AI score0.09345EPSS
Exploits0References37
NVD
NVD
added 2016/04/25 12:59 a.m.13 views

CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

5.9CVSS6.8AI score0.08305EPSS
Exploits0References42
OSV
OSV
added 2016/04/25 12:59 a.m.5 views

AZL-44409 CVE-2016-2110 affecting package samba 4.18.3-2

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

5.9CVSS6.7AI score0.08305EPSS
Exploits0References1
OSV
OSV
added 2016/04/25 12:59 a.m.8 views

CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

5.9CVSS6.5AI score0.08305EPSS
Exploits0References42
NVD
NVD
added 2016/04/25 12:59 a.m.19 views

CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitrary code on a...

5.9CVSS7.6AI score0.19103EPSS
Exploits0References34
Prion
Prion
added 2016/04/25 12:59 a.m.18 views

Authentication flaw

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

4.3CVSS7.5AI score0.08305EPSS
Exploits0References42Affected Software2
Prion
Prion
added 2016/04/25 12:59 a.m.19 views

Code injection

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

4.3CVSS7.4AI score0.09345EPSS
Exploits0References37Affected Software2
OSV
OSV
added 2016/04/25 12:59 a.m.1 views

DEBIAN-CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitrary code on a...

5.9CVSS8.8AI score0.19103EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/04/25 12:0 a.m.26 views

CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

6.7AI score0.08305EPSS
Exploits0References42
CVE
CVE
added 2016/04/25 12:0 a.m.165 views

CVE-2015-5370

CVE-2015-5370 affects Samba 3.x and 4.x (pre-4.2.11, pre-4.3.8, pre-4.4.2). It stems from flaws in Samba’s DCE/RPC implementation, enabling remote attackers to cause a denial of service or perform protocol-downgrade attacks, with the possibility of arbitrary code execution on a client system via ...

5.9CVSS7.7AI score0.19103EPSS
Exploits0References34Affected Software1
Debian CVE
Debian CVE
added 2016/04/25 12:0 a.m.38 views

CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

5.9CVSS6.8AI score0.09345EPSS
Exploits0
CVE
CVE
added 2016/04/25 12:0 a.m.145 views

CVE-2016-2110

CVE-2016-2110 affects Samba NTLMSSP in Samba 3.x/4.x (pre-4.2.11, pre-4.3.8, pre-4.4.2). The vulnerability lets an unauthenticated MITM downgrade the protocol by clearing NTLMSSP_NEGOTIATE_SEAL/NTLMSSP_NEGOTIATE_SIGN, potentially disrupting LDAP security. The related F5 advisories reiterate the s...

5.9CVSS6.7AI score0.08305EPSS
Exploits0References42Affected Software1
NVD
NVD
added 2016/04/12 11:59 p.m.29 views

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...

7.5CVSS7.5AI score0.3693EPSS
Exploits0References45
OSV
OSV
added 2016/04/12 11:59 p.m.2 views

DEBIAN-CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...

7.5CVSS6.5AI score0.3693EPSS
Exploits0References1
OSV
OSV
added 2016/04/12 11:59 p.m.17 views

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...

7.5CVSS7.3AI score0.3693EPSS
Exploits0References45
Rows per page
Query Builder