210 matches found
CVE-2016-0128
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attacker...
Design/Logic Flaw
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attacker...
CVE-2016-2118
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...
CVE-2016-2112
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...
UBUNTU-CVE-2015-5370
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitrary code on a...
UBUNTU-CVE-2016-2118
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...
Viprinet Europe Multichannel VPN Router 300 Protocol Downgrade Vulnerability
Viprinet Europe Multichannel VPN Router 300 is a multichannel VPN router product from Viprinet Europe, Germany. A security vulnerability exists in the Viprinet Europe Multichannel VPN Router 300. An attacker could exploit this vulnerability to perform protocol degradation attacks...
USN-2839-1 cups update
As a security improvement against the POODLE attack, this update disables SSLv3 support in the CUPS web interface. For legacy environments where SSLv3 support is still required, it can be re-enabled by adding "SSLOptions AllowSSL3" to /etc/cups/cupsd.conf...
Oracle: Security Advisory (ELSA-2014-1652)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2014-1052)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2015:1510-1 Security update for zeromq
zeromq was updated to fix one security issue and one non-security bug. The following vulnerability was fixed: CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol boo931978 The following bug was fixed: boo912460: avoid curve test to hang for ppc ppc64 ppc64le...
openSUSE Security Update : zeromq (openSUSE-2015-409)
zeromq was updated to fix one security issue and two non-security bugs. The following vulnerabilities were fixed : - CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol boo931978 The following bugs were fixed : - boo912460: avoid curve test to hang for ppc ppc64...
Fedora 22 : zeromq-4.0.5-3.fc22 (2015-8635)
Cherry-pick a fix for the protocol downgrade attack CVE-2014-9721 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
CVE-2015-3630
Docker Engine prior to 1.6.1 is vulnerable to CVE-2015-3630 due to weak permissions on /proc paths (/proc/asound, /proc/timer_stats, /proc/latency_stats, /proc/fs). This lets a local attacker modify the host, access sensitive information, and, via a crafted image, enable protocol downgrade attack...
Debian DSA-3255-1 : zeromq3 - security update
It was discovered that libzmq, a lightweight messaging kernel, is susceptible to a protocol downgrade attack on sockets using the ZMTP v3 protocol. This could allow remote attackers to bypass ZMTP v3 security mechanisms by sending ZMTP v2 or earlier headers. %NASLMINLEVEL 70300 C Tenable Network...
[SECURITY] [DSA 3255-1] zeromq3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3255-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 10, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3255-1] zeromq3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3255-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 10, 2015 http://www.debian.org/security/faq -...