Design/Logic Flaw

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...

UBUNTU-CVE-2023-49933

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...

SchedMD Slurm Security Vulnerability

SchedMD Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters from SchedMD, Inc. A security vulnerability exists in SchedMD Slurm that stems from improper message integrity enforcement during transmission in a communication...

CVE-2023-49933

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...

CVE-2023-49933

CVE-2023-49933 affects SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. The vulnerability is described as Improper Enforcement of Message Integrity During Transmission in a communication channel, allowing an attacker to modify RPC traffic in a way that bypasses message hash checks. Affected versions ...

CVE-2023-49935

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

PT-2023-8198 · Schedmd +1 · Slurm +1

Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 23.02.x through 23.02.6 SchedMD Slurm versions 23.11.x through 23.11.0 Description: The issue is related to incorrect access control due to a slurmd Message Integrity Bypass, allowing an attacker to reuse root-level...

PT-2023-8199 · Schedmd +2 · Slurm +2

Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 22.05.x through 22.05.10 SchedMD Slurm versions 23.02.x through 23.02.6 SchedMD Slurm versions 23.11.x through 23.11.0 Description: The issue is related to the improper enforcement of message integrity during transmissi...

CVE-2023-46445

A flaw was found in python-asyncssh before 2.14.1 versions, where the rogue extension negotiation process is unauthenticated and allows injecting an info message. This flaw allows an attacker to replace the original message, downgrading the algorithm used for client authentication, which affects...

kernel: virt/coco/sev-guest: Double-buffer messages

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function. The issue results from a missing...

CVE-2023-2885

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVE-2023-2885

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVE-2023-2885

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVE-2023-2885 Channel Accessible by Non-Endpoint in CBOT's Chatbot

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

PT-2023-22006 · Unknown · Cbot Chatbot

Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4 CBOT Chatbot versions prior to Panel: v4.0.3.7 Description: The issue is related to the improper enforcement of message integrity during transmission in a communication channel, allowing an...

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Overview Affected versions of this package are vulnerable to Improper Enforcement of Message Integrity During Transmission in a Communication Channel when the connection to servers with TLS enabled, a man-in-the-middle attacker can inject false responses to the client's first few queries...

F5 Networks BIG-IP : BIG-IP Edge Client for Windows and macOS vulnerability (K000132522)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000132522 advisory. - In the pre connection stage, an improper enforcement of message integrity vulnerability...

CVE-2023-22372

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-22372 BIG-IP Edge Client for Windows and Mac OS vulnerability

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...