CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

Debian dla-4195 : krb5-admin-server - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4195 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4195-1 [email protected] https://www.debian.org/lts/security/...

CVE-2024-47943

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

CVE-2023-34337

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...