Lucene search
K

265 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/10/02 3:22 p.m.9 views

Microsoft 365 Direct Send Abuse

The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging a lesser-known feature within Microsoft 365 called Direct Send. Rapid7 encourages organizations to immediately review their authenticated mail flow configurations, specifically related to Microsoft 365...

7.3AI score
Exploits0
OSV
OSV
added 2025/09/15 1:15 p.m.3 views

UBUNTU-CVE-2025-39802

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was removed by commit 773426f4771b "crypto: arm/poly1305 - Add block-only interface". This safety check is cheap and is...

7.8CVSS5.7AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.4 views

PT-2025-37483

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's crypto/arm/poly1305 module where register corruption can occur in non-SIMD contexts. This issue arises from the removal of a SIMD usability check,...

6AI score0.00133EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of SIMD availability checking, which could lead to register corruption or miscalculated MACs...

7.8CVSS6.2AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.4 views

PT-2025-37485

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's poly1305 function within the arm64/poly1305 module. The issue involves register corruption in contexts where Single Instruction Multiple Data SIMD i...

6.3AI score0.00133EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.8 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of SIMD availability checking, which could lead to register corruption or miscalculated MACs...

7.8CVSS6.2AI score0.00133EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.3 views

httpsig-rs 安全漏洞

httpsig-rs is a Rust library by Jun Kurihara Personal Developer. A security vulnerability exists in versions prior to httpsig-rs 0.0.19, which stems from an HMAC signature comparison that does not utilize a temporal security approach, which could lead to an attacker forging a signature...

5.9CVSS6.4AI score0.00264EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/09/05 11:23 p.m.4 views

SUSE CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

5.5CVSS6.5AI score0.00149EPSS
Exploits0References21
NVD
NVD
added 2025/09/05 6:15 p.m.8 views

CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7CVSS0.00149EPSS
Exploits0References9
OSV
OSV
added 2025/09/05 5:21 p.m.8 views

CVE-2025-39702 ipv6: sr: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7CVSS6AI score0.00149EPSS
Exploits0References11
Cvelist
Cvelist
added 2025/09/05 5:21 p.m.13 views

CVE-2025-39702 ipv6: sr: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

0.00149EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ipv6/sr module MAC comparison not using constant time...

7CVSS6AI score0.00149EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.5 views

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

6.9CVSS9.2AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 4:54 p.m.7 views

CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...

7.7CVSS6.3AI score0.00418EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 9:32 a.m.6 views

CVE-2015-6964

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...

5.3CVSS7.3AI score0.00439EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:2 a.m.7 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5CVSS6.9AI score0.03099EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.4 views

Configure Proper MACs Algorithms for the SSH Service

In cryptography, a message authentication code MAC is an authentication mechanism used by communication entities to check message integrity. If the configured algorithms are insecure, security risks increase because weak algorithms have been or are about to be cracked in the industry. The...

7.4AI score
Exploits0References4
OSV
OSV
added 2025/05/03 4:15 p.m.5 views

UBUNTU-CVE-2024-58134

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

8.1CVSS5.8AI score0.00459EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An...

5.3CVSS6.9AI score0.03634EPSS
Exploits1References2
OSV
OSV
added 2025/02/21 10:5 a.m.6 views

CLSA-2025-1740132301 krb5: Fix of CVE-2024-3596

CVE-2024-3596: Generate and verify message MACs in libkrad for vulnerability in RADIUS protocol which allows attackers to forge authentication responses...

9CVSS7.3AI score0.14859EPSS
Exploits2References1
Rows per page
Query Builder