265 matches found
Microsoft 365 Direct Send Abuse
The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging a lesser-known feature within Microsoft 365 called Direct Send. Rapid7 encourages organizations to immediately review their authenticated mail flow configurations, specifically related to Microsoft 365...
UBUNTU-CVE-2025-39802
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was removed by commit 773426f4771b "crypto: arm/poly1305 - Add block-only interface". This safety check is cheap and is...
PT-2025-37483
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's crypto/arm/poly1305 module where register corruption can occur in non-SIMD contexts. This issue arises from the removal of a SIMD usability check,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of SIMD availability checking, which could lead to register corruption or miscalculated MACs...
PT-2025-37485
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's poly1305 function within the arm64/poly1305 module. The issue involves register corruption in contexts where Single Instruction Multiple Data SIMD i...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of SIMD availability checking, which could lead to register corruption or miscalculated MACs...
httpsig-rs 安全漏洞
httpsig-rs is a Rust library by Jun Kurihara Personal Developer. A security vulnerability exists in versions prior to httpsig-rs 0.0.19, which stems from an HMAC signature comparison that does not utilize a temporal security approach, which could lead to an attacker forging a signature...
SUSE CVE-2025-39702
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-39702
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-39702 ipv6: sr: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-39702 ipv6: sr: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ipv6/sr module MAC comparison not using constant time...
CVE-2024-33494
A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...
CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...
CVE-2015-6964
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...
Configure Proper MACs Algorithms for the SSH Service
In cryptography, a message authentication code MAC is an authentication mechanism used by communication entities to check message integrity. If the configured algorithms are insecure, security risks increase because weak algorithms have been or are about to be cracked in the industry. The...
UBUNTU-CVE-2024-58134
Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
Linux Distros Unpatched Vulnerability : CVE-2016-1550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An...
CLSA-2025-1740132301 krb5: Fix of CVE-2024-3596
CVE-2024-3596: Generate and verify message MACs in libkrad for vulnerability in RADIUS protocol which allows attackers to forge authentication responses...