58 matches found
CVE-2026-43033
The CVE-2026-43033 issue affects the Linux kernel crypto: authencesn module, where out-of-place decryption (src != dst) incorrectly saves high-order sequence bits in dst, requiring reordering before hashing. The vulnerability is linked to privilege escalation/DoS/info-leak risks as described in m...
CVE-2026-1579
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...
CVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-05-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering software, which compiles IEC 61131-3 conformant POU code to native machine code for execution...
CVE-2019-18659
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that...
node-forge security vulnerability
node-forge is a software application. A WebJar for node-forge. A security vulnerability exists in node-forge 1.3.1 and earlier versions, which stems from an ASN.1 structure parsing conflict that could bypass downstream cryptographic authentication...
EUVD-2019-8376
Malware in sbrugna...
EUVD-2023-0050
Malicious code in bioql PyPI...
EUVD-2022-52790
Malicious code in bioql PyPI...
EUVD-2022-52791
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-36811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgback...
Fedora 39 : borgbackup (2023-467632ecbe)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-467632ecbe advisory. Fix for CVE-2023-36811: spoofed archive leads to data loss. Please note that starting with borgbackup 1.2.5 all borg repos must use TAM authentication:...
Fedora 38 : borgbackup (2023-555f9fac30)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-555f9fac30 advisory. Fix for CVE-2023-36811: spoofed archive leads to data loss. Please note that starting with borgbackup 1.2.5 all borg repos must use TAM authentication:...
Fedora 37 : borgbackup (2023-34411d8f77)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-34411d8f77 advisory. Fix for CVE-2023-36811: spoofed archive leads to data loss. Please note that starting with borgbackup 1.2.5 all borg repos must use TAM authentication:...
FreeBSD : Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss. (b8a52e5a-483d-11ee-971d-3df00e0f9020)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b8a52e5a-483d-11ee-971d-3df00e0f9020 advisory. - borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A...
Archive spoofing vulnerability in borgbackup
Impact: A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to 1. insert files with no additional headers into backups 2. gain write acce...
CVE-2023-36811
borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...
PYSEC-2023-164
borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...