
106 matches found

RedHat Linux
added 2025/08/12 1:10 a.m., 5 views

Moderate: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 5.9 | AI score 6.8 | EPSS 0.00276
Exploits: 0 | References: 2
FreeBSD
added 2025/07/16 12:0 a.m., 3 views

p5-Authen-SASL -- Insecure source of randomness

p5-Authen-SASL project reports: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and...

CVSS 6.5 | AI score 7.3 | EPSS 0.00394
Exploits: 0 | References: 1
BDU FSTEC
added 2025/06/05 12:0 a.m., 5 views

The vulnerability of the md5 function in the package manager pnpm allows a hacker to compromise data integrity.

The vulnerability of the md5 function in the package manager pnpm relates to the use of a reversible one-way hash function. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

CVSS 6.5 | AI score 6.5 | EPSS 0.00187
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/04/15 12:0 a.m., 4 views

MIT Kerberos security vulnerability

MIT Kerberos is a Massachusetts Institute of Technology (MIT) software for authentication in network clusters, U.S.A. Kerberos also serves as a network authentication protocol designed with the goal of providing strong authentication services to client/server applications through a key system. A...

CVSS 5.9 | AI score 6.8 | EPSS 0.00276
Exploits: 0 | References: 19
OSV
added 2025/03/25 10:15 a.m., 7 views

PYSEC-2025-168

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based...

CVSS 8.8 | AI score 6 | EPSS 0.00478
Exploits: 1 | References: 5
OSV
added 2025/02/14 12:13 p.m., 2 views

OESA-2025-1127 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A heap-buffer-overflow vulnerability...

CVSS 6.2 | AI score 7 | EPSS 0.00301
Exploits: 2 | References: 3
SUSE CVE
added 2024/12/20 3:48 a.m., 3 views

SUSE CVE-2024-55885

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

CVSS 7.5 | AI score 6.9 | EPSS 0.00335
Exploits: 0 | References: 3
OSV
added 2024/09/26 4:15 p.m., 1 view

UBUNTU-CVE-2024-46632

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...

CVSS 4.3 | AI score 5.8 | EPSS 0.00468
Exploits: 1 | References: 3
RedHat Linux
added 2024/07/30 9:1 a.m., 5 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 | AI score 7.2 | EPSS 0.14859
Exploits: 2 | References: 10
RedHat Linux
added 2024/07/24 1:19 p.m., 6 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 | AI score 7.2 | EPSS 0.14859
Exploits: 2 | References: 10
OSV
added 2024/07/19 11:8 a.m., 6 views

OESA-2024-1878 freeradius security update

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. Security Fixes: RADIUS Protocol under RFC 2865 is susceptible to forgery...

CVSS 9 | AI score 6.8 | EPSS 0.14859
Exploits: 2 | References: 2
SUSE CVE
added 2024/05/15 2:29 a.m., 2 views

SUSE CVE-2024-34340

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash uses password_hash if it is available, else uses md5. When verifying a password, it calls compat_password_verify. In...

CVSS 9.1 | AI score 7 | EPSS 0.01119
Exploits: 1 | References: 5
BDU FSTEC
added 2023/12/26 12:0 a.m., 7 views

The vulnerability of the universal monitoring system Zabbix, related to weak encryption, allows attackers to gain access to confidential data.

The vulnerability of the Zabbix universal monitoring system relates to the hashing of passwords using the MD5 algorithm. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

CVSS 7.8 | AI score 7.1 | EPSS 0.01211
Exploits: 0 | References: 8 | Affected Software: 2
OSV
added 2023/07/06 2:15 p.m., 3 views

UBUNTU-CVE-2020-22336

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...

CVSS 9.8 | AI score 6.2 | EPSS 0.01097
Exploits: 1 | References: 2
RedHat Linux
added 2023/06/06 2:14 p.m., 6 views

samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...

CVSS 8.1 | AI score 6.5 | EPSS 0.02559
Exploits: 0 | References: 5
RedHat Linux
added 2023/05/04 1:24 p.m., 6 views

samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...

CVSS 8.1 | AI score 6.5 | EPSS 0.02559
Exploits: 0 | References: 5
BDU FSTEC
added 2023/03/06 12:0 a.m., 7 views

The vulnerability of TP-Link TL-WR940N V6 router’s microprogramming software is related to the use of an outdated cryptographic algorithm, MD5. This vulnerability allows a hacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of TP-Link TL-WR940N V6 router’s microprogramming software is related to the use of an outdated cryptographic algorithm, MD5. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information or cause service failures...

CVSS 6.4 | AI score 7.2 | EPSS 0.00362
Exploits: 0 | References: 4
CNNVD
added 2023/02/22 12:0 a.m., 6 views

TP-LINK TL-WR940N cryptographic issue vulnerability

The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR940N V6 version 3.19.1 Build 180119, which stems from the use of the deprecated MD5 algorithm to hash the administrator password for basic authentication...

CVSS 7.5 | AI score 7.3 | EPSS 0.00362
Exploits: 0 | References: 3
CNNVD
added 2021/12/09 12:0 a.m., 6 views

Belloo security feature issue vulnerability

Belloo, a "high quality" dating software from Belloo, is vulnerable to an access control error that originates from the use of md5($time) to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess t...

CVSS 9.8 | AI score 5.8 | EPSS 0.01276
Exploits: 1 | References: 2
CNNVD
added 2021/11/08 12:0 a.m., 13 views

EnroCrypt cryptographic issue vulnerability

EnroCrypt is a Python module for encryption, hashing, and other essentials you need to hash via secure encryption and imposed salt. A security vulnerability exists in versions prior to EnroCrypt 1.1.4 that stems from EnroCrypt's use of the MD5 hashing algorithm in hash files, which is...

CVSS 7.5 | AI score 7.2 | EPSS 0.00544
Exploits: 1 | References: 3