256 matches found
DEBIAN-CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...
CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...
Authentication flaw
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...
UBUNTU-CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...
CVE-2018-16758
CVE-2018-16758 affects the tinc VPN daemon up to version 1.0.34. The root cause is missing message authentication in the meta-protocol, enabling a man-in-the-middle to disable VPN packet encryption. Public sources (NVD, CNVD) describe a MITM-based impact that decrypts or disrupts traffic. Fedora ...
openssl: Insufficient TLS session ticket HMAC length checks
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets...
CVE-2018-0733
Because of an implementation bug the PA-RISC CRYPTOmemcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...
F5 Networks BIG-IP : NTP input validation vulnerability (K43205719)
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550 C Tenable Network Security,...
Unverifiable Symmetric Encryption
spring-cloud-config has a flaw which allows malicious manipulation of symmetric encryptions. The vulnerability exists because its default symmetric encryption does not use a Message Authentication Code MAC to verify the authenticity of encrypted message...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
CVE-2015-7848
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to ...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
Design/Logic Flaw
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
DEBIAN-CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
DEBIAN-CVE-2015-7848
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to ...
CVE-2016-1550
CVE-2016-1550 exists in the message authentication of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. The root cause is a non-constant-time memory comparison when validating the authentication digest on incoming packets, which can enable a timing attack. An attacker sen...
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
Debian DSA-3659-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. - CVE-2016-5696 Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy of the University of California, Riverside; and Lisa M...
HP Integrated Lights-Out Information Disclosure Vulnerability (CNVD-2016-07089)
HP Integrated Lights-Out is used for remote management of servers. An information disclosure vulnerability exists in HP Integrated Lights-Out. A remote attacker could exploit this vulnerability to cause information disclosure via TLS CBC Padding and MAC errors...
OpenSSH MAC Verification Security Bypass Vulnerability
OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A security bypass vulnerability exists in OpenSSH MAC Verification, which allows attackers to bypass security restrictions and perform unauthorized operations...