1491 matches found

SUSE CVE
added 2024/06/07 2:28 a.m. | 3 views

SUSE CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 7.4 | AI score 6.6 | EPSS 0.01032
Exploits: 0 | References: 9

ATTACKERKB
added 2024/06/06 6:15 a.m. | 1 view

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 6.1 | EPSS 0.01032
Exploits: 0 | References: 13 | Affected Software: 12

NVD
added 2024/06/06 6:15 a.m. | 13 views

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 7.3 | EPSS 0.01032
Exploits: 0 | References: 13

OSV
added 2024/06/06 6:15 a.m. | 21 views

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 6.5 | EPSS 0.01032
Exploits: 0 | References: 13

UbuntuCve
added 2024/06/06 6:15 a.m. | 14 views

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 6.2 | EPSS 0.01032
Exploits: 0 | References: 8

RedHat Linux
added 2024/06/06 5:45 a.m. | 15 views

Important: Red Hat Security Advisory: booth security update

An update for booth is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 5.9 | AI score 6.1 | EPSS 0.01032
Exploits: 0 | References: 2

RedHat Linux
added 2024/06/06 5:41 a.m. | 1 view

booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 5.7 | EPSS 0.01032
Exploits: 0 | References: 5

Vulnrichment
added 2024/06/06 5:30 a.m. | 24 views

CVE-2024-3049 Booth: specially crafted hash can lead to invalid hmac being accepted by booth server

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 6.5 | EPSS 0.01032
Exploits: 0 | References: 10

Debian CVE
added 2024/06/06 5:30 a.m. | 18 views

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 6 | EPSS 0.01032
Exploits: 0

CVE
added 2024/06/06 5:30 a.m. | 120 views

CVE-2024-3049

CVE-2024-3049 affects Booth, the cluster ticket manager. A specially crafted hash can cause Booth to accept an invalid HMAC, enabling potential unauthorized behavior. Concrete details from connected docs show affected packages and exact patch versions: Debian fixed in 1.0-283-g9d4029a-2+deb12u1 (...

CVSS 5.9 | AI score 5.4 | EPSS 0.01032
Exploits: 0 | References: 13 | Affected Software: 1

Cvelist
added 2024/06/06 5:30 a.m. | 17 views

CVE-2024-3049 Booth: specially crafted hash can lead to invalid hmac being accepted by booth server

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server...

CVSS 5.9 | AI score 7.3 | EPSS 0.01032
Exploits: 0 | References: 10

RedhatCVE
added 2024/06/06 5:29 a.m. | 22 views

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat...

CVSS 5.9 | AI score 5.3 | EPSS 0.01032
Exploits: 0 | References: 3

AlmaLinux
added 2024/06/06 12:00 a.m. | 19 views

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

CVSS 5.9 | AI score 7.2 | EPSS 0.01032
Exploits: 0 | References: 4

OSV
added 2024/06/06 12:00 a.m. | 19 views

ALSA-2024:3661 Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

CVSS 5.9 | AI score 5.6 | EPSS 0.01032
Exploits: 0 | References: 4

OSV
added 2024/06/05 8:47 p.m. | 9 views

GHSA-M2HP-5X78-74MG Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

AI score 7.3
Exploits: 0 | References: 3

Github Security Blog
added 2024/06/05 8:47 p.m. | 6 views

Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

AI score 7.3
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/06/04 9:09 a.m. | 12 views

Insecure Deserialization

typo3/cms-core is vulnerable to Insecure Deserialization. The vulnerability is due to request handling that relies on HMAC-SHA1 signing with a sensitive encryption key, which, if exposed, allows attackers to deserialize malicious payloads...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2024/06/03 12:00 a.m. | 10 views

RHEL 7 : tpm2-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tpm2-tools: Sending password in plaintext for HMAC generation on server (CVE-2017-7524) Note that Nessus has not test...

CVSS 7.5 | AI score 7.7 | EPSS 0.00248
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 10 views

RHEL 6 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtasn1: asn1_get_bit_der() can return negative bit length (CVE-2014-3468) - gnutls: HMAC-SHA-384 vulnerable to...

CVSS 7.5 | AI score 7.4 | EPSS 0.71356
Exploits: 5 | References: 14

Github Security Blog
added 2024/05/30 6:37 p.m. | 11 views

TYPO3 Possible Insecure Deserialization in Extbase Request Handling

It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensiti...

AI score 6.8
Exploits: 0 | References: 3 | Affected Software: 1