92 matches found
CVE-2024-12297
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...
CVE-2024-12297
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...
CVE-2024-12297 Frontend Authorization Logic Disclosure Vulnerability
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...
CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
Beego 安全漏洞
Beego is an open source web framework based on the Go language from Beego Open Source. A security vulnerability exists in Beego version 2.3.3, which stems from the use of MD5 as a hashing algorithm and is vulnerable to collision attacks...
CVE-2023-31412
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...
Design/Logic Flaw
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...
CVE-2023-31412
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...
CVE-2023-31412
The CVE-2023-31412 issue affects the LMS5xx family, where weak hash generation produces insecure hashes. If an attacker obtains a hash, a collision attack could enable password retrieval. Documents from NVD/Red Hat/SICK PSIRT confirm the vulnerability and indicate risk components (network exposur...
SHA1Digest Contract Vulnerability
Lines of code Vulnerability details Impact The vulnerability is related to the use of the SHA1 hashing algorithm in the SHA1Digest contract. SHA1 is an outdated cryptographic hash function that has been deprecated by most security experts due to its weaknesses and susceptibility to collision...
Collision Attack
jenkins-2-plugins is vulnerable to Collision Attacks. The vulnerability is possible because it uses the weak hashing algorithm, SHA-1 to store whole-script approvals, making it vulnerable to collision attacks...
CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
The U.S. National Institute of Standards and Technology NIST, an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since...
GHSA-FV42-MX39-6FPW Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867aa47126 uses SHA-512 for new...
CVE-2022-45379
Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...
CVE-2022-45379
Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...
Design/Logic Flaw
Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...
CVE-2022-45379
Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...
CVE-2022-45379
CVE-2022-45379 affects Jenkins Script Security Plugin: versions 1189.vb_a_b_7c8fd5fde and earlier store whole-script approvals as the SHA-1 hash of the script, making them susceptible to SHA-1 collision attacks. Affected product: Jenkins Script Security Plugin (1189.vb_a_b_7c8fd5fde and earlier)....