26 matches found
Missing Cryptographic Step
Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to the lack of enforcement for receiving a cryptographically-signed final chunk before the termination of the outer HTTP body. An attacker can cause undetected truncation of chunked messages by forwarding...
CVE-2026-48480
The CVE concerns the netty incubator codec.bhttp (codec-ohttp) where, prior to 0.0.22.Final, the implementation of draft-ietf-ohai-chunked-ohttp fails to verify that a cryptographically-signed final chunk was received before the outer HTTP body ends. This allows an on-path adversary (OHTTP relay ...
EUVD-2026-34311
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...
PT-2026-29340
Name of the Vulnerable Software and Affected Versions PX4 Autopilot affected versions not specified Description The MAVLink communication protocol, as used by PX4 Autopilot, does not require cryptographic authentication by default. Without MAVLink 2.0 message signing enabled, unauthenticated...
EUVD-2024-43421
Malicious code in bioql PyPI...
EUVD-2024-43420
Malicious code in bioql PyPI...
TCG TPM 安全漏洞
TCG TPM is a chip that is planted inside a computer to provide a trusted root for the computer, organized by Trusted Computing Group. A security vulnerability exists in version 2.0 of the TCG TPM, which stems from a CryptHmacSign helper function that does not validate the signing scheme and signi...
Updated neomutt packages fix security vulnerabilities
The To and Cc email header fields are not protected by cryptographic signing. CVE-2024-49393 The In-reply-to email header field is not protected by cryptographic signing. CVE-2024-49394...
MGASA-2025-0070 Updated neomutt packages fix security vulnerabilities
The To and Cc email header fields are not protected by cryptographic signing. CVE-2024-49393 The In-reply-to email header field is not protected by cryptographic signing. CVE-2024-49394...
SUSE CVE-2024-49393
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality...
CVE-2024-49394
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
DEBIAN-CVE-2024-49394
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
CVE-2024-49394
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
CVE-2024-49393
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality...
CVE-2024-49393
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality...
CVE-2024-49394 Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
CVE-2024-49394
CVE-2024-49394 affects mutt and neomutt: the In-Reply-To header is not cryptographically signed, enabling an attacker to impersonate the sender by reusing an unencrypted but signed email. Public references in the connected documents show multiple advisories addressing this issue and releasing fix...
CVE-2024-49394 Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
CVE-2024-49394
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
CVE-2024-49393 Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality...