
92 matches found

RedhatCVE
added 2025/03/06 9:42 a.m., 7 views

CVE-2024-12297

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...

9.2 CVSS | 7.7 AI score | 0.00825 EPSS
Exploits: 0 | References: 1

NVD
added 2025/01/15 10:15 a.m., 7 views

CVE-2024-12297

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...

9.2 CVSS | 0.00825 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/01/15 10:00 a.m., 18 views

CVE-2024-12297 Frontend Authorization Logic Disclosure Vulnerability

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...

9.2 CVSS | 0.00825 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/12/12 7:23 p.m., 20 views

CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

6.9 CVSS | 0.00335 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/12/12 7:23 p.m., 10 views

CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

6.9 CVSS | 6.8 AI score | 0.00335 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/12/12 12:00 a.m., 3 views

Beego Security Vulnerability

Beego is an open source web framework based on the Go language from Beego Open Source. A security vulnerability exists in Beego version 2.3.3, which stems from the use of MD5 as a hashing algorithm and is vulnerable to collision attacks...

7.5 CVSS | 7.4 AI score | 0.00335 EPSS
Exploits: 0 | References: 2

NVD
added 2023/08/24 7:15 p.m., 13 views

CVE-2023-31412

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...

7.5 CVSS | 7.5 AI score | 0.00344 EPSS
Exploits: 0 | References: 3

Prion
added 2023/08/24 7:15 p.m., 17 views

Design/Logic Flaw

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...

5 CVSS | 7.4 AI score | 0.00344 EPSS
Exploits: 0 | References: 3

Cvelist
added 2023/08/24 6:15 p.m., 16 views

CVE-2023-31412

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password...

7.5 CVSS | 7.7 AI score | 0.00344 EPSS
Exploits: 0 | References: 3

CVE
added 2023/08/24 6:15 p.m., 33 views

CVE-2023-31412

The CVE-2023-31412 issue affects the LMS5xx family, where weak hash generation produces insecure hashes. If an attacker obtains a hash, a collision attack could enable password retrieval. Documents from NVD/Red Hat/SICK PSIRT confirm the vulnerability and indicate risk components (network exposur...

7.5 CVSS | 7.4 AI score | 0.00344 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Code423n4
added 2023/04/27 12:00 a.m., 10 views

SHA1Digest Contract Vulnerability

Lines of code. Vulnerability details. Impact: The vulnerability is related to the use of the SHA1 hashing algorithm in the SHA1Digest contract. SHA1 is an outdated cryptographic hash function that has been deprecated by most security experts due to its weaknesses and susceptibility to collision...

6.9 AI score
Exploits: 0

Veracode
added 2023/03/07 12:49 a.m., 28 views

Collision Attack

jenkins-2-plugins is vulnerable to Collision Attacks. The vulnerability is possible because it uses the weak hashing algorithm SHA-1 to store whole-script approvals, making it vulnerable to collision attacks...

7.5 CVSS | 7.5 AI score | 0.00468 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2023/03/02 3:11 a.m., 5 views

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

6.6 CVSS | 7 AI score | 0.01002 EPSS
Exploits: 0 | References: 3

The Hacker News
added 2022/12/16 7:39 a.m., 30 views

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since...

7.2 AI score
Exploits: 0

OSV
added 2022/11/16 12:00 p.m., 22 views

GHSA-FV42-MX39-6FPW Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions

Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867aa47126 uses SHA-512 for new...

8 CVSS | 8.4 AI score | 0.00468 EPSS
Exploits: 0 | References: 5

OSV
added 2022/11/15 8:15 p.m., 38 views

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

7.5 CVSS | 7.4 AI score
Exploits: 0 | References: 2

NVD
added 2022/11/15 8:15 p.m., 19 views

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

7.5 CVSS | 0.00468 EPSS
Exploits: 0 | References: 2

Prion
added 2022/11/15 8:15 p.m., 27 views

Design/Logic Flaw

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

5 CVSS | 7.4 AI score | 0.00468 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/11/15 12:00 a.m., 33 views

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

7.9 AI score | 0.00468 EPSS
Exploits: 0 | References: 2

CVE
added 2022/11/15 12:00 a.m., 335 views

CVE-2022-45379

CVE-2022-45379 affects Jenkins Script Security Plugin: versions 1189.vb_a_b_7c8fd5fde and earlier store whole-script approvals as the SHA-1 hash of the script, making them susceptible to SHA-1 collision attacks. Affected product: Jenkins Script Security Plugin (1189.vb_a_b_7c8fd5fde and earlier)....

7.5 CVSS | 7.3 AI score | 0.00468 EPSS
Exploits: 0 | References: 2 | Affected Software: 1