251 matches found
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
BIT-TYPO3-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
CVE-2024-23816
A vulnerability has been identified in Location Intelligence Perpetual Large 9DE5110-8CA13-1AX0 All versions V4.3, Location Intelligence Perpetual Medium 9DE5110-8CA12-1AX0 All versions V4.3, Location Intelligence Perpetual Non-Prod 9DE5110-8CA10-1AX0 All versions V4.3, Location Intelligence...
CVE-2024-23816
CVE-2024-23816 affects Siemens Location Intelligence products (Perpetual Large/Medium/Non-Prod/Small and SUS Large/Medium/Non-Prod/Small). Root cause: use of a hard-coded secret for Keyed-Hash Message Authentication Code computation, enabling an unauthenticated remote attacker to gain full admini...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
AZL-78582 CVE-2023-6129 affecting package openssl-fips-provider 3.1.2-1
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
CVE-2023-6129
CVE-2023-6129: OpenSSL POLY1305 MAC bug on PowerPC (PowerISA 2.07) can corrupt vector registers/state when POLY1305 is used, potentially affecting TLS deployments. Impact ranges from no observable issues to application crashes or takeover, per advisories. Affected platforms are PowerPC CPUs with ...
CVE-2015-6964
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
Authentication flaw
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
CVE-2015-6964
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
MultiBit HD Security Vulnerability
MultiBit HD is a bitcoin wallet open-sourced by MultiBit. A security vulnerability exists in versions prior to MultiBit HD 0.1.2 that stems from not setting the Message Authentication Code MAC...
CVE-2015-6964
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. Attackers cannot realistically steal these fees for themselves. This occurs because there is no message authenticati...
CVE-2023-38906
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message...
CVE-2023-38906
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message...
CVE-2023-38906
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message...
PT-2023-4544 · Tp Link · Tapo L530 +5
Name of the Vulnerable Software and Affected Versions: TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.1.9 TPLink Smart Bulb Tapo series L510E version 1.0.8 TPLink Smart Bulb Tapo series L630 version 1.0.3 TPLink Smart Bulb Tapo series P100 version 1.4.9 TPLink Smart Camera Tapo serie...
CVE-2023-38906
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message...
CVE-2023-38906
TP-Link Tapo family vulnerability CVE-2023-38906 affects L530 (1.0.0–1.1.9), L510E (1.0.8), L630 (1.0.3), P100 (1.4.9), C200 (1.1.18), and Tapo App 2.8.14. Description: remote attacker can obtain sensitive information via the authentication code in UDP messages. Root cause: lack of protection for...