Lucene search

2052 matches found

NVD
added 2020/02/21 6:15 p.m., 31 views

CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of...

5.9 CVSS, 6.5 AI score, 0.28141 EPSS
Exploits 2, References 12
CVE
added 2020/02/21 5:11 p.m., 892 views

CVE-2013-3587

CVE-2013-3587 (BREACH) concerns TLS/SSL data compression leaks where compressed HTTPS responses reveal plaintext by observing size differences. The linked documents confirm this is a BREACH-type issue affecting HTTPS with HTTP compression, not tied to a single product. Mitigations documented incl...

5.9 CVSS, 5 AI score, 0.28141 EPSS
Exploits 2, References 12, Affected Software 1
OSV
added 2020/02/20 1:37 p.m., 2 views

USN-4288-1 ppp vulnerability

It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8 CVSS, 7.3 AI score, 0.62962 EPSS
Exploits 3, References 2
OpenVAS
added 2020/02/09 12:0 a.m., 7 views

Fedora: Security Advisory for opensmtpd (FEDORA-2020-270ef80e9e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0, References 2
Trend Micro Simply Security
added 2020/01/31 2:3 p.m., 29 views

This Week in Security News: Over 2,000 WordPress Accounts Compromised and Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, over two thousand WordPress sites were compromised using a malicious script that redirects visitors to scam websites. Also, read about how...

7 AI score
Exploits 0
OpenVAS
added 2020/01/31 12:0 a.m., 25 views

LANCOM Device Detection (SIP)

Detection of LANCOM devices. This script performs SIP based detection of LANCOM devices. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as...

0.2 AI score
Exploits 0
ThreatPost
added 2020/01/28 12:2 p.m., 78 views

LoRaWAN for IoT: Beware Encryption Misconfigurations and Security Pitfalls

UPDATE The LoRaWAN protocol, which efficiently supports low-power wireless devices over wide area networks, has become standard in the world of the industrial internet of things (IoT). One of its benefits is its support for end-to-end encryption. However, researchers are warning that while LoRaWAN...

0.6 AI score
Exploits 0, References 6
OpenVAS
added 2020/01/23 12:0 a.m., 33 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2019-1650)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS, 7.7 AI score, 0.00143 EPSS
Exploits 0, References 2
Debian CVE
added 2020/01/15 4:34 p.m., 37 views

CVE-2020-2574

Removed by vendor...

5.9 CVSS, 6.9 AI score, 0.00157 EPSS
Exploits 0
NVD
added 2020/01/14 7:15 p.m., 9 views

CVE-2019-3981

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...

4.3 CVSS, 4.3 AI score, 0.00323 EPSS
Exploits 1, References 1
Prion
added 2020/01/14 7:15 p.m., 13 views

Design/Logic Flaw

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...

4.3 CVSS, 4.5 AI score, 0.00323 EPSS
Exploits 1, References 1, Affected Software 2
Cvelist
added 2020/01/14 6:13 p.m., 10 views

CVE-2019-3981

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...

4.3 AI score, 0.00323 EPSS
Exploits 1, References 1
Symantec
added 2020/01/14 12:0 a.m., 45 views

Oracle Demantra Demand Management CVE-2020-2557 Remote Security Vulnerability

Description Oracle Demantra Demand Management is prone to a remote security vulnerability. The vulnerability can be exploited over 'HTTP' protocol. The 'Security' component is affected. This vulnerability affects the following supported versions: 12.2.4, 12.2.4.1, 12.2.5, 12.2.5.1 Technologies...

1.4 AI score, 0.00978 EPSS
Exploits 0, References 1, Affected Software 1
OpenVAS
added 2020/01/14 12:0 a.m., 4 views

Linux: SSH Protocol

Older versions of SSH support two different and incompatible protocols: SSH1 and SSH2. SSH1 was the original protocol and was subject to security issues. SSH2 is more advanced and secure. SSH v1 suffers from insecurities that do not affect SSH v2. Copyright (C) 2020 Greenbone Networks GmbH...

7.3 AI score
Exploits 0, References 4
OpenVAS
added 2020/01/09 12:0 a.m., 22 views

Fedora Update for libssh2 FEDORA-2019-91529f19e4

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 CVSS, 8.1 AI score, 0.0142 EPSS
Exploits 1, References 2
OpenVAS
added 2020/01/09 12:0 a.m., 13 views

Fedora Update for nbdkit FEDORA-2019-bd19067cb4

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0, References 2
OpenVAS
added 2020/01/09 12:0 a.m., 9 views

Fedora Update for libnbd FEDORA-2019-d20b357d44

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0, References 2
OpenVAS
added 2020/01/09 12:0 a.m., 27 views

Fedora Update for scapy FEDORA-2019-20d6b8f9c4

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 AI score
Exploits 0, References 2
CVE
added 2020/01/08 9:30 p.m., 447 views

CVE-2019-17023

CVE-2019-17023 is a protocol-downgrade vulnerability in NSS (Network Security Services). After a HelloRetryRequest is sent during TLS, a client may negotiate a lower protocol than TLS 1.3, causing an invalid TLS state transition and causing subsequent Application Data records to be ignored. This ...

6.5 CVSS, 6.9 AI score, 0.00894 EPSS
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2019/12/21 9:33 a.m., 32 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

7.5 CVSS, 0.4 AI score, 0.22356 EPSS
Exploits 0, References 2