22 matches found
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime SDM modules. The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws...
CVE-2024-0323
The CVE-2024-0323 entry affects the B&R Automation Runtime FTP server, where the FTP service supports insecure encryption mechanisms (SSLv3, TLS 1.0, TLS 1.1). Affected product: B&R Automation Runtime (FTP server). Documented impact: network-based attacker can perform man-in-the-middle attacks or...
CVE-2024-0323 FTP uses unsecure encryption mechanisms
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
openSUSE: Security Advisory for aria2 (openSUSE-SU-2021:1125-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
UPchieve: Vulnerability Report - sweet32 UPchieve
Hello Team. I run the nmap with ssl-enum script to look for new Vulnerability that is known as "SWEET32" Detail about sweet32 vuln: Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between client...
openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)
This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1...
openSUSE Security Update : rubygem-puma (openSUSE-2020-990)
This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1...
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:0990-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for rubygem-puma (moderate)
openSUSE Security Update: Security update for rubygem-puma Announcement ID: openSUSE-SU-2020:1001-1 Rating: moderate References: 1172175 1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available...
Security update for rubygem-puma (moderate)
openSUSE Security Update: Security update for rubygem-puma Announcement ID: openSUSE-SU-2020:0990-1 Rating: moderate References: 1172175 1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available...
Security Bulletin: Vulnerability in SSLv3 affects Tivoli Netcool OMNIbus (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 may be enabled in the Tivoli Netcool OMNIbus server components, including the Object Server, Process Agent, and Gateways. Vulnerability Details: CVE-ID:...
Weblate: Web server is vulnerable to Beast Attack
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites (ORDER IS NOT SIGNIFICANT): TLSv1.0 RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA (TLSv1.1: idem) TLSv1.2 RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA...
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
Hi, I get in touch to report that cloud.newrelic.com is vulnerable to CVE-2014-3566 (POODLE). Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM (Man-in-the-middle) attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network...
Transport Layer Security (TLS) Version 1.0
Transport Layer Security (TLS) is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. TLSv1.0 is considered obsolete and insecure, and is deprecated in favor of a more advanced TLS protocol. This protection will detect and block any use of...
Gratipay: Insecure Transportation Security Protocol Supported (TLS 1.0)
Description: It's observed that insecure transportation security protocol TLS 1.0 is supported by your web server. TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST. Websites using TLS 1.0 will be...
Gratipay: The POODLE attack (SSLv3 supported) for https://grtp.co/
Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM (Man-in-the-middle) attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie dat...
Disable SSLv3 in outgoing HTTPS connections from Confluence
SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in January 1999 and Java 6 supports and uses it as the default client version in TLS handshake. SSLv3 is old and limits the ciphers that can be used. SSLv3 is also vulnerable to POODLE. We...
Disable SSLv3 in outgoing HTTPS connections from Confluence
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-36165. SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in...