10 matches found
EUVD-2011-4533
Malware in sbrugna...
BIT-SPARK-2021-38296 Apache Spark Key Negotiation Vulnerability
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
Authentication flaw
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
CVE-2021-38296 Apache Spark Key Negotiation Vulnerability
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
Microsoft Windows Task Scheduler Security Feature Bypass Vulnerability
Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his...
Amazon Linux AMI : samba (ALAS-2016-732)
A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
CentOS Update for samba4 CESA-2016:1487 centos6
Check the version of samba4 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882525";...
CentOS 6 : samba4 (CESA-2016:1487)
An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-1999-1127
CVE-1999-1127 affects Windows NT 4.0. The vulnerability stems from improper handling of invalid named pipe RPC connections, leading to resource exhaustion and a denial of service when a remote attacker establishes a sequence of connections sending malformed data. The issue is tied to the shutdown...
CVE-1999-1127
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service resource exhaustion via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability...