
281 matches found

CNNVD
added 2024/12/02 12:0 a.m. · 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a buffer overflow due to the use of HASH_ALGO__LAST in the ima_eventdigest_init_common function in the ima...

7.8 CVSS · 7.3 AI score · 0.0002 EPSS
Exploits 0 · References 5
CNNVD
added 2024/11/15 12:0 a.m. · 2 views

Nextcloud Security Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud has a security vulnerability that stems from an MD5 hash being used to check the uniqueness of background jobs. This increases the likelihood tha...

5.3 CVSS · 6.6 AI score · 0.00771 EPSS
Exploits 0 · References 3
CNNVD
added 2024/06/24 12:0 a.m. · 3 views

Bludit Security Breach

Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit that stems from the use of the SHA-1 hash algorithm to calculate password hashes, which can be brute-force attacked by an attacker to determine plaintext passwords...

5.9 CVSS · 6.9 AI score · 0.00056 EPSS
Exploits 0 · References 3
Wallarm Lab
added 2024/05/21 4:56 p.m. · 36 views

Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

Introduction: In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature, whi...

9.8 CVSS · 8.6 AI score · 0.89497 EPSS
Exploits 0
Tenable Nessus
added 2024/05/11 12:0 a.m. · 13 views

RHEL 7 : qci (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - QCI: uses MD5 as password hash algorithm on deployed systems CVE-2016-6340 Note that Nessus has not tested for this...

8.6 AI score · 0.00125 EPSS
Exploits 0 · References 1
OSV
added 2024/04/17 8:15 p.m. · 0 views

CVE-2024-29951

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...

5.7 CVSS · 7.3 AI score · 0.00067 EPSS
Exploits 0 · References 1
NVD
added 2024/03/27 7:15 p.m. · 6 views

CVE-2024-29886

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

5.3 CVSS · 5.3 AI score · 0.00163 EPSS
Exploits 0 · References 2
OSV
added 2024/03/27 6:42 p.m. · 13 views

CVE-2024-29886 Improved security for stored password hashes

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

5.3 CVSS · 6.7 AI score · 0.00163 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/03/06 11:34 a.m. · 10 views

CVE-2024-25102 Information Disclosure Vulnerability in CDAC AppSamvid Software

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...

7.8 CVSS · 7.5 AI score · 0.00014 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/03/06 12:0 a.m. · 1 views

PT-2024-20750 · Appsamvid · Appsamvid

Name of the Vulnerable Software and Affected Versions: AppSamvid (affected versions not specified). Description: The issue is related to the use of a weaker cryptographic algorithm, specifically SHA1, in the user login component. An attacker with local administrative privileges could exploit this to...

7.8 CVSS · 6.8 AI score · 0.00014 EPSS
Exploits 0 · References 4
CNNVD
added 2024/03/06 12:0 a.m. · 4 views

AppSamvid Security Vulnerability

AppSamvid is a free application whitelisting software from Cert-In open source. A security vulnerability exists in AppSamvid 2.0.1 and earlier versions, which stems from the use of a weak encryption algorithm hash SHA1 in the user login component, which allows an attacker with local administrativ...

7.8 CVSS · 6.6 AI score · 0.00014 EPSS
Exploits 0 · References 2
CNNVD
added 2024/02/29 12:0 a.m. · 2 views

HCL Domino Security Vulnerability

HCL Technologies HCL Domino is an application software from HCL Technologies, Inc. It provides a platform for application development. A security vulnerability exists in HCL Domino that stems from the use of a weak hash encryption algorithm, which could allow an attacker to determine a user's...

5.9 CVSS · 6 AI score · 0.00249 EPSS
Exploits 0 · References 2
CVE
added 2024/02/20 6:22 p.m. · 50 views

CVE-2023-37495

CVE-2023-37495 involves HCL Domino. The vulnerability arises from using a cryptographically weak hash algorithm to secure internet passwords stored in Person documents in the Domino Directory when created via the Add Person action on the People & Groups tab. The issue could allow an attacker with...

5.9 CVSS · 5.6 AI score · 0.00249 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/02/20 12:0 a.m. · 2 views

PT-2024-12626 · Domino · Domino

Name of the Vulnerable Software and Affected Versions: Domino (affected versions not specified). Description: The issue is related to the use of a cryptographically weak hash algorithm to secure internet passwords stored in Person documents in the Domino Directory. This weakness could allow attacker...

5.9 CVSS · 5.4 AI score · 0.00249 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/02/13 6:44 p.m. · 3 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1 CVSS · 7.1 AI score · 0.00916 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/01/11 12:0 a.m. · 44 views

Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0401)

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5 CVSS · 7.3 AI score · 0.0069 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/01/10 6:38 p.m. · 0 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1 CVSS · 7.1 AI score · 0.00916 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/01/10 3:42 p.m. · 3 views

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

9.1 CVSS · 7.1 AI score · 0.00916 EPSS
Exploits 0 · References 5
CNNVD
added 2023/12/21 12:0 a.m. · 1 views

Bcoin Security Breach

Bcoin is an alternative implementation of the Bitcoin protocol open-sourced by Bcoin. A security vulnerability exists in Bcoin version 2.2.0, which stems from a vulnerability that allows remote attackers to obtain sensitive information via a weak hash algorithm in the component...

9.1 CVSS · 6.5 AI score · 0.00176 EPSS
Exploits 1 · References 3
IBM Security Bulletins
added 2023/12/15 2:36 p.m. · 49 views

Security Bulletin: Vulnerability in Brix crypto-js affects IBM Process Mining CVE-2023-46233

Summary: There is a vulnerability in Brix crypto-js that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-46233 DESCRIPTION...

9.1 CVSS · 9 AI score · 0.00916 EPSS
Exploits 0 · Affected Software 1