106 matches found
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
p5-Authen-SASL -- Insecure source of randomness
p5-Authen-SASL project reports: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and...
The vulnerability of the md5 function in the package manager pnpm allows a hacker to compromise data integrity.
The vulnerability of the md5 function in the package manager pnpm relates to the use of a reversible one-way hash function. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
MIT Kerberos security vulnerability
MIT Kerberos is software from the Massachusetts Institute of Technology (MIT), U.S.A., for authentication in network clusters. Kerberos is also a network authentication protocol designed to provide strong authentication services to client/server applications through a key system. A...
PYSEC-2025-168
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based...
OESA-2025-1127 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A heap-buffer-overflow vulnerability...
SUSE CVE-2024-55885
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
UBUNTU-CVE-2024-46632
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...
freeradius: forgery attack
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
OESA-2024-1878 freeradius security update
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. Security Fixes: RADIUS Protocol under RFC 2865 is susceptible to forgery...
SUSE CVE-2024-34340
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash uses password_hash if it is available, otherwise it uses md5. When verifying a password, it calls compat_password_verify. In...
The vulnerability of the universal monitoring system Zabbix, related to weak encryption, allows attackers to gain access to confidential data.
The vulnerability of the Zabbix universal monitoring system relates to the hashing of passwords using the MD5 algorithm. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
UBUNTU-CVE-2020-22336
An issue was discovered in pdfcrack 0.17 through 0.18 that allows attackers to execute arbitrary code via a stack overflow in the MD5 function...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
The vulnerability in the TP-Link TL-WR940N V6 router firmware is related to the use of an outdated cryptographic algorithm, MD5. This vulnerability allows a hacker to gain unauthorized access to protected information or cause service failures.
The vulnerability in the TP-Link TL-WR940N V6 router firmware is related to the use of an outdated cryptographic algorithm, MD5. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information or cause service failures...
TP-LINK TL-WR940N cryptographic issue vulnerability
The TP-LINK TL-WR940N is a wireless router from the Chinese company TP-LINK. A security vulnerability exists in TP-LINK TL-WR940N V6 version 3.19.1 Build 180119, which stems from the use of the deprecated MD5 algorithm to hash the administrator password for basic authentication...
Belloo security features issue vulnerability
Belloo, a "high quality" dating software from Belloo, is vulnerable to an access control error that originates from the use of md5$time to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess t...
EnroCrypt cryptographic issue vulnerability
EnroCrypt is a Python module for encryption, hashing, and other essentials you need to hash via secure encryption and imposed salt. A security vulnerability exists in versions prior to EnroCrypt 1.1.4 that stems from EnroCrypt's use of the MD5 hashing algorithm in hash files, which is...