9 matches found
DEBIAN-CVE-2026-33938
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...
CVE-2026-33938
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...
EUVD-2020-29034
Malware in sbrugna...
kernel: SCSI target (LIO) write to any block on ILO backstore
A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on t...
CVE-2020-36151
Incorrect handling of input data in mysofaresamplerresetmem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block...
Nextcloud Server Encryption Block Password Phrase Generation Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cryptographic block cipher phrase generation error vulnerability exists in Nextcloud Server 19.0.1. An attacker could exploit the vulnerability to overwrite...
Design/Logic Flaw
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...
Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...
Nextcloud: Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file
First: The default encryption module bundled with the Nextcloud Server creates SHA256-HMAC based message authentication codes for each individual 6072 byte-sized block of data. These are the steps to calculate the MAC: Take the user password and harden it with SHA256-PBKDF2 denoted as $passPhrase...