Lucene search
K

210 matches found

OSV
OSV
added 2016/04/12 11:59 p.m.2 views

CVE-2016-0128

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attacker...

6.8CVSS5.8AI score0.3693EPSS
Exploits0References6
Prion
Prion
added 2016/04/12 11:59 p.m.19 views

Design/Logic Flaw

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attacker...

5.8CVSS6.7AI score0.3693EPSS
Exploits0References6Affected Software3
Debian CVE
Debian CVE
added 2016/04/12 11:0 p.m.42 views

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...

7.5CVSS6.8AI score0.3693EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/04/12 12:0 a.m.26 views

CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...

5.9CVSS6.8AI score0.09345EPSS
Exploits0References3
OSV
OSV
added 2016/04/12 12:0 a.m.4 views

UBUNTU-CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitrary code on a...

5.9CVSS7.2AI score0.19103EPSS
Exploits0References4
OSV
OSV
added 2016/04/12 12:0 a.m.1 views

UBUNTU-CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...

7.5CVSS6.8AI score0.3693EPSS
Exploits0References5
CNVD
CNVD
added 2016/02/22 12:0 a.m.6 views

Viprinet Europe Multichannel VPN Router 300 Protocol Downgrade Vulnerability

Viprinet Europe Multichannel VPN Router 300 is a multichannel VPN router product from Viprinet Europe, Germany. A security vulnerability exists in the Viprinet Europe Multichannel VPN Router 300. An attacker could exploit this vulnerability to perform protocol degradation attacks...

7.5CVSS6.8AI score0.03649EPSS
Exploits0References1
OSV
OSV
added 2015/12/16 5:33 p.m.2 views

USN-2839-1 cups update

As a security improvement against the POODLE attack, this update disables SSLv3 support in the CUPS web interface. For legacy environments where SSLv3 support is still required, it can be re-enabled by adding "SSLOptions AllowSSL3" to /etc/cups/cupsd.conf...

5.8AI score
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.52 views

Oracle: Security Advisory (ELSA-2014-1652)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits106References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.57 views

Oracle: Security Advisory (ELSA-2014-1052)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.51436EPSS
Exploits0References2
OSV
OSV
added 2015/08/31 9:45 a.m.4 views

SUSE-SU-2015:1510-1 Security update for zeromq

zeromq was updated to fix one security issue and one non-security bug. The following vulnerability was fixed: CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol boo931978 The following bug was fixed: boo912460: avoid curve test to hang for ppc ppc64 ppc64le...

4.3CVSS9.4AI score0.02529EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/11 12:0 a.m.25 views

openSUSE Security Update : zeromq (openSUSE-2015-409)

zeromq was updated to fix one security issue and two non-security bugs. The following vulnerabilities were fixed : - CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol boo931978 The following bugs were fixed : - boo912460: avoid curve test to hang for ppc ppc64...

4.3CVSS8.2AI score0.02529EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/02 12:0 a.m.29 views

Fedora 22 : zeromq-4.0.5-3.fc22 (2015-8635)

Cherry-pick a fix for the protocol downgrade attack CVE-2014-9721 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

4.3CVSS8.2AI score0.02529EPSS
Exploits0References3
NVD
NVD
added 2015/05/18 3:59 p.m.13 views

CVE-2015-3630

Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

7.2CVSS7.3AI score0.00548EPSS
Exploits0References5
OSV
OSV
added 2015/05/18 3:59 p.m.13 views

CVE-2015-3630

Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

7.2AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2015/05/18 3:59 p.m.26 views

CVE-2015-3630

Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

7.2CVSS7.1AI score0.00548EPSS
Exploits0References2
CVE
CVE
added 2015/05/18 3:0 p.m.79 views

CVE-2015-3630

Docker Engine prior to 1.6.1 is vulnerable to CVE-2015-3630 due to weak permissions on /proc paths (/proc/asound, /proc/timer_stats, /proc/latency_stats, /proc/fs). This lets a local attacker modify the host, access sensitive information, and, via a crafted image, enable protocol downgrade attack...

7.2CVSS7.1AI score0.00548EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/05/12 12:0 a.m.23 views

Debian DSA-3255-1 : zeromq3 - security update

It was discovered that libzmq, a lightweight messaging kernel, is susceptible to a protocol downgrade attack on sockets using the ZMTP v3 protocol. This could allow remote attackers to bypass ZMTP v3 security mechanisms by sending ZMTP v2 or earlier headers. %NASLMINLEVEL 70300 C Tenable Network...

4.3CVSS8.2AI score0.02529EPSS
Exploits0References4
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.39 views

[SECURITY] [DSA 3255-1] zeromq3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3255-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 10, 2015 http://www.debian.org/security/faq -...

1.7AI score
Exploits0
Debian
Debian
added 2015/05/10 8:39 a.m.18 views

[SECURITY] [DSA 3255-1] zeromq3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3255-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 10, 2015 http://www.debian.org/security/faq -...

6.9AI score
Exploits0
Rows per page
Query Builder