256 matches found
CVE-2023-6323
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
D-Link DAP-2622 安全漏洞
The D-Link DAP-2622 is a wireless access point Access Point device from China's AUO D-Link. A security vulnerability exists in the D-Link DAP-2622 that stems from a stack-based buffer overflow remote code execution vulnerability in the DDP Set Wireless Message Authentication Password...
CVE-2024-29969
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
BIT-TYPO3-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
CVE-2024-23816
A vulnerability has been identified in Location Intelligence Perpetual Large 9DE5110-8CA13-1AX0 All versions V4.3, Location Intelligence Perpetual Medium 9DE5110-8CA12-1AX0 All versions V4.3, Location Intelligence Perpetual Non-Prod 9DE5110-8CA10-1AX0 All versions V4.3, Location Intelligence...
CVE-2024-23816
CVE-2024-23816 affects Siemens Location Intelligence products (Perpetual Large/Medium/Non-Prod/Small and SUS Large/Medium/Non-Prod/Small). Root cause: use of a hard-coded secret for Keyed-Hash Message Authentication Code computation, enabling an unauthenticated remote attacker to gain full admini...
CVE-2024-23816
A vulnerability has been identified in Location Intelligence Perpetual Large 9DE5110-8CA13-1AX0 All versions V4.3, Location Intelligence Perpetual Medium 9DE5110-8CA12-1AX0 All versions V4.3, Location Intelligence Perpetual Non-Prod 9DE5110-8CA10-1AX0 All versions V4.3, Location Intelligence...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
CVE-2023-50123
The number of attempts to bring the Hozard Alarm system alarmsystemen v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state...
AZL-78582 CVE-2023-6129 affecting package openssl-fips-provider 3.1.2-1
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
CVE-2023-6129
CVE-2023-6129: OpenSSL POLY1305 MAC bug on PowerPC (PowerISA 2.07) can corrupt vector registers/state when POLY1305 is used, potentially affecting TLS deployments. Impact ranges from no observable issues to application crashes or takeover, per advisories. Affected platforms are PowerPC CPUs with ...
CVE-2015-6964
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
Authentication flaw
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...