Search Results (32 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-53712 1 Ongres 1 Scram 2026-07-17 N/A
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS man-in-the-middle attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding when TlsServerEndpoint processes an X.509 certificate using a modern signature algorithm such as Ed25519; getChannelBindingData() can return an empty byte array after NoSuchAlgorithmException, and the ScramClient builder treats that as absent channel-binding data. This issue is fixed in version 3.3.
CVE-2026-4942 1 Ibm 1 I 2026-07-17 5.9 Medium
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security (TLS) protocol to a version disabled in the server configuration.
CVE-2026-48747 2026-07-16 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hash_hmac(), allowing a signature algorithm downgrade instead of enforcing Mailomat's documented SHA-256 webhook signature. This issue is fixed in versions 7.4.13 and 8.0.13.
CVE-2026-54780 1 Corewcf 1 Corewcf 2026-07-09 3.7 Low
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
CVE-2026-54291 1 Pgjdbc 1 Pgjdbc 2026-07-06 N/A
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection can trigger the downgrade with a certificate whose signature algorithm has no tls-server-end-point channel-binding hash, because the bundled com.ongres.scram:scram-client returns an empty byte array instead of failing and pgJDBC ScramAuthenticator checks only that the server advertised a PLUS mechanism, without rejecting the empty binding or checking that the negotiated mechanism uses channel binding. This issue is fixed in version 42.7.12.
CVE-2026-6092 1 Wolfssl 1 Wolfssl 2026-06-26 N/A
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC.
CVE-2026-2673 2 Openssl, Siemens 3 Openssl, Simatic Cn 4100, Simatic Cn 4100 Firmware 2026-06-05 6.5 Medium
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.
CVE-2014-3566 11 Apple, Debian, Fedoraproject and 8 more 28 Mac Os X, Debian Linux, Fedora and 25 more 2026-05-28 3.4 Low
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2026-1677 1 Zephyrproject-rtos 1 Zephyr 2026-05-11 5.3 Medium
Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the `TLS_CIPHERSUITE_LIST` socket option can be restricted to TLS 1.3-only cipher suites.
CVE-2026-32650 1 Anviz 2 Anviz Crosschex Standard, Crosschex Standard 2026-05-04 7.5 High
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
CVE-2026-6550 1 Amazon 1 Aws Encryption Sdk For Python 2026-04-22 4.7 Medium
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above.
CVE-2024-8773 2026-04-15 N/A
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch 6.30@a03.9, which make it possible for an administrator to enforce encrypted communication. Versions 6.20 and 6.25 remain unpatched.
CVE-2025-10693 1 Silabs 1 Z-wave Sdk 2026-04-15 N/A
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.
CVE-2024-4995 2026-04-15 9.8 Critical
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.
CVE-2025-24154 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-04-02 9.1 Critical
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, visionOS 2.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2025-59270 1 Pspete 1 Pspas 2025-09-30 3.1 Low
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.
CVE-2025-36582 1 Dell 1 Networker 2025-08-14 4.8 Medium
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2020-16200 1 Philips 1 Clinical Collaboration Platform 2025-06-04 6.5 Medium
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2024-23656 1 Linuxfoundation 1 Dex 2025-06-03 7.5 High
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.
CVE-2024-38883 1 Horizoncloud 1 Caterease 2025-05-13 9.1 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.