Lucene search
K

265 matches found

OSV
OSV
added 2025/02/17 5:10 p.m.10 views

CLSA-2025-1739812201 Fix CVE(s): CVE-2024-3596

SECURITY UPDATE: Generate and verify message MACs in libkrad - debian/patches/CVE-2024-3596.patch: implement support for Message-Authenticator in libkrad - CVE-2024-3596 debian/control: add package Recommends to krb5-doc...

9CVSS7.3AI score0.14859EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-36296

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where MAC comparisons were not performed in constant time, potentially allowing timing attacks. The fix involves using an appropriate helper function t...

7CVSS7AI score0.00149EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/11/12 9:20 a.m.2 views

openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

A flaw was found in in the POLY1305 MAC message authentication code implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate t...

6.5CVSS7.1AI score0.02323EPSS
Exploits0References6
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.24 views

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms

OpenSSL contains an issue in the POLY1305 MAC message authentication code implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions PowerISA 2.07. The impact of the corrupted...

5.9CVSS6.8AI score0.02323EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/11 9:19 a.m.3 views

Malleability attack against executables encrypted by CBC mode with no integrity check

Overview Researchers at NTT, University of Hyogo, and NEC have identified a security issue that leads to executing arbitrary code in executable files that are encrypted by CBC mode with no integrity check. This issue has been published in ACNS 2020 . There is a risk that an encrypted executable...

7.8AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/17 6:49 p.m.9 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.7AI score0.93305EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.5 views

PT-2024-40808 · Git +1 · Openssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a null-dereference read crash. Technical details about the crash include the functions evp mac final, kbkdf derive, and do evp kd...

6.8AI score
Exploits0References2
OSV
OSV
added 2024/07/10 11:15 p.m.4 views

CVE-2024-39559

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device vmcore by sending a specific TCP packet over an established TCP session with MD5 authentication...

8.2CVSS5.8AI score0.00398EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/06/06 5:22 a.m.5 views

booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server...

5.9CVSS5.7AI score0.00535EPSS
Exploits0References5
OSV
OSV
added 2024/05/15 1:15 p.m.8 views

CVE-2023-6323

ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...

6.5CVSS5.8AI score0.00328EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's AUO D-Link. A security vulnerability exists in the D-Link DAP-2622 that stems from a stack-based buffer overflow remote code execution vulnerability in the DDP Set Wireless Message Authentication Password...

8.8CVSS9.3AI score0.00637EPSS
Exploits0References3
NVD
NVD
added 2024/04/19 6:15 a.m.21 views

CVE-2024-29969

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082...

7.5CVSS7.7AI score0.0029EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/03/06 3:38 p.m.6 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.7AI score0.93305EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2024/03/06 3:32 p.m.5 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References6
OSV
OSV
added 2024/03/06 11:11 a.m.32 views

BIT-TYPO3-2020-15099

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...

8.1CVSS8.4AI score0.01782EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/03/05 8:5 p.m.4 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2024/03/05 6:22 p.m.3 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2024/02/27 10:34 p.m.6 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References6
OSV
OSV
added 2024/02/13 9:15 a.m.6 views

CVE-2024-23816

A vulnerability has been identified in Location Intelligence Perpetual Large 9DE5110-8CA13-1AX0 All versions V4.3, Location Intelligence Perpetual Medium 9DE5110-8CA12-1AX0 All versions V4.3, Location Intelligence Perpetual Non-Prod 9DE5110-8CA10-1AX0 All versions V4.3, Location Intelligence...

9.8CVSS5.7AI score0.00733EPSS
Exploits0References1
CVE
CVE
added 2024/02/13 9:0 a.m.63 views

CVE-2024-23816

CVE-2024-23816 affects Siemens Location Intelligence products (Perpetual Large/Medium/Non-Prod/Small and SUS Large/Medium/Non-Prod/Small). Root cause: use of a hard-coded secret for Keyed-Hash Message Authentication Code computation, enabling an unauthenticated remote attacker to gain full admini...

9.8CVSS9.5AI score0.00733EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder