280 matches found

CVE
added 2023/01/26 8:39 p.m. · 54 views

CVE-2023-0452

Summary of CVE-2023-0452: Econolite EOS before 3.2.23 uses a weak hash (MD5) to encrypt privileged credentials in a configuration file that is accessible without authentication. This can expose administrator/technician credentials and related data. The issue is documented in multiple connected s...

CVSS 9.8 · AI score 5.3 · EPSS 0.00105
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/01/26 8:39 p.m. · 7 views

CVE-2023-0452

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...

CVSS 9.8 · AI score 7 · EPSS 0.00105
Exploits 0 · References 1
Positive Technologies
added 2023/01/26 12:0 a.m. · 2 views

PT-2023-16281 · Econolite · Econolite Eos

Name of the Vulnerable Software and Affected Versions: Econolite EOS versions prior to 3.2.23
Description: The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential...

CVSS 9.8 · AI score 5.1 · EPSS 0.00105
Exploits 0 · References 4
Tenable Nessus
added 2023/01/16 12:0 a.m. · 49 views

openSUSE 15 Security Update : apptainer (openSUSE-SU-2023:0018-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0018-1 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via...

CVSS 9.8 · AI score 7.1 · EPSS 0.00252
Exploits 0 · References 7
OSV
added 2022/10/21 3:34 p.m. · 28 views

GO-2022-1045 Improper validation of signature hash algorithms in github.com/sylabs/sif/v2

The Singularity Image Format (SIF) reference implementation does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures...

CVSS 9.8 · AI score 7.6 · EPSS 0.00252
Exploits 0 · References 2
OSV
added 2022/10/06 7:54 p.m. · 37 views

GHSA-M5M3-46GJ-WCH8 SIF's Digital Signature Hash Algorithms Not Validated

Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures.
Patches: A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

CVSS 6.3 · AI score 7.5 · EPSS 0.08457
Exploits 0 · References 9
GitHub Security Blog
added 2022/10/06 7:54 p.m. · 51 views

SIF's Digital Signature Hash Algorithms Not Validated

Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures.
Patches: A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

CVSS 9.8 · AI score 7.6 · EPSS 0.00252
Exploits 0 · References 9 · Affected Software 1
UbuntuCve
added 2022/10/06 6:16 p.m. · 34 views

CVE-2022-39237

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 9.8 · AI score 6.5 · EPSS 0.00252
Exploits 0 · References 5
Prion
added 2022/10/06 6:16 p.m. · 23 views

Design/Logic Flaw

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 7.5 · AI score 9.4 · EPSS 0.00252
Exploits 0 · References 3 · Affected Software 1
AlpineLinux
added 2022/10/06 12:0 a.m. · 23 views

CVE-2022-39237

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 9.8 · AI score 7.9 · EPSS 0.00252
Exploits 0
CVE
added 2022/10/06 12:0 a.m. · 91 views

CVE-2022-39237

CVE-2022-39237 affects the sylabs/sif (Singularity Image Format) reference implementation. In versions prior to 2.8.1, the Go module github.com/sylabs/sif/v2/pkg/integrity did not verify that the hash algorithms used for metadata digests and signatures are cryptographically secure when validatin...

CVSS 9.8 · AI score 7.8 · EPSS 0.00252
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2022/10/06 12:0 a.m. · 34 views

CVE-2022-39237

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 9.8 · AI score 6.7 · EPSS 0.00252
Exploits 0
OSV
added 2022/10/06 12:0 a.m. · 24 views

CVE-2022-39237 Digital Signature Hash Algorithms Not Validated in sylabs/sif

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 6.3 · AI score 5.5 · EPSS 0.00252
Exploits 0 · References 5
Code423n4
added 2022/09/19 12:0 a.m. · 7 views

Hash result truncation

Vulnerability details
Description: There is function hashFixedGovernanceOpts in Crowdfund contract and function getDistributionHash in TokenDistributor contract. The first one truncates the hash result to 16 bytes, the second to 15 bytes.
Impact: It is possible to find a collision for...

AI score 6.8
Exploits 0
ATTACKERKB
added 2022/05/12 9:15 a.m. · 2 views

CVE-2022-29930

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1...

CVSS 8.7 · AI score 5.9 · EPSS 0.00005
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2021/08/27 12:0 a.m. · 12 views

DIAEnergie Weak Hash Algorithm Vulnerability

DIAEnergie is an industrial energy management system from Delta Electronics. A weak hash algorithm vulnerability exists in DIAEnergie 1.7.5 and earlier versions. An attacker can exploit this vulnerability to retrieve plaintext passwords...

CVSS 5.5 · AI score 5.3 · EPSS 0.00028
Exploits 0 · References 1
CNNVD
added 2021/08/26 12:0 a.m. · 1 views

Delta Electronics DIAEnergie Cryptographic Issue Vulnerability

DIAEnergie is an industrial energy management system from Delta Electronics. A weak hash algorithm vulnerability exists in DIAEnergie 1.7.5 and earlier versions. An attacker can exploit this vulnerability to retrieve plaintext passwords...

CVSS 5.5 · AI score 5.6 · EPSS 0.00028
Exploits 0 · References 4
OSV
added 2021/08/14 11:3 a.m. · 2 views

OESA-2021-1309 gradle security update

Gradle is build automation evolved. Gradle can automate the building, testing, publishing, deployment and more of software packages or other types of projects such as generated static websites, generated documentation or indeed anything else. Gradle combines the power and flexibility of Ant with...

CVSS 5.9 · AI score 7 · EPSS 0.00162
Exploits 1 · References 2
CNNVD
added 2021/08/05 12:0 a.m. · 2 views

JetBrains YouTrack Cryptographic Issue Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack is vulnerable to an encryption issue prior to version 2021.2.16363, which stems from the software's use of the SHA-256 algorithm for password hashing. An attacker...

CVSS 5.3 · AI score 5.6 · EPSS 0.00002
Exploits 0 · References 2
Prion
added 2021/07/09 7:15 p.m. · 10 views

Design/Logic Flaw

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...

CVSS 7.5 · AI score 9.4 · EPSS 0.00171
Exploits 0 · References 1 · Affected Software 1