21 matches found
EUVD-2026-23508
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...
CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...
PT-2026-33500
CVE-2026-32650 Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and… https://t.co/O0iDDBAtcU...
TencentOS Server 4: corosync (TSSA-2025:0287)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0287 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...
[SECURITY] [DLA 4308-1] corosync security update
Debian LTS Advisory DLA-4308-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 22, 2025 https://wiki.debian.org/LTS ...
Linux Distros Unpatched Vulnerability : CVE-2021-45100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This...
CVE-2023-41926
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
corosync: Stack buffer overflow from 'orf_token_endian_convert'
A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior...
USN-7478-1 corosync vulnerability
It was discovered that Corosync incorrectly handled certain large UDP packets. If encryption is disabled, or an attacker knows the encryption key, this issue could be used to cause Corosync to crash, resulting in a denial of service...
OESA-2025-1365 corosync security update
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script. Security Fixes: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in...
AZL-61774 CVE-2025-30472 affecting package corosync 3.0.4-4
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet...
DEBIAN-CVE-2025-30472
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet...
CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
SUSE CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...
SUSE CVE-2021-45100
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol...
LDAP Account Manager Cross-Site Scripting Vulnerability
LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in the LDAP directory. A cross-site scripting vulnerability exists in LDAP Account Manager (LAM) versions prior to 8.0, which stems from the fact that if the PHP OpenSSL extension is not installed o...
IBM QRadar SIEM Security Vulnerability
IBM QRadar SIEM is a solution from IBM (USA) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...
CVE-2018-10612
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption are not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials...
ALPINE-CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...