
1749 matches found

OSV
added 2024/04/29 4:15 a.m. · 10 views

AZL-40061 CVE-2024-3096 affecting package php for versions less than 8.3.6-1

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash starts with a null byte \x00, testing a blank string as the password via password_verify will incorrectly return true...

6.5 CVSS · 6.4 AI score · 0.0148 EPSS
Exploits 1 · References 1
CNNVD
added 2024/04/29 12:0 a.m. · 3 views

PHP security vulnerability

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP where a password stored using the password_hash function begins with a null byte \x00, and testing a blank string as the password via the password_verify function will incorrectly return true. the...

6.5 CVSS · 5.4 AI score · 0.0148 EPSS
Exploits 1 · References 6
Tenable Nessus
added 2024/04/29 12:0 a.m. · 20 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-6757-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6757-1 advisory. It was discovered that PHP incorrectly handled the PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issu...

6.5 CVSS · 7.7 AI score · 0.3786 EPSS
Exploits 1 · References 4
OSV
added 2024/04/16 12:0 a.m. · 2 views

UBUNTU-CVE-2024-3096

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash starts with a null byte \x00, testing a blank string as the password via password_verify will incorrectly return true...

6.5 CVSS · 6.3 AI score · 0.0148 EPSS
Exploits 1 · References 5
Cvelist
added 2024/04/10 6:14 p.m. · 34 views

CVE-2024-31464 XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...

6.8 CVSS · 6.7 AI score · 0.00376 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/04/10 6:14 p.m. · 18 views

CVE-2024-31464 XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...

6.8 CVSS · 6.5 AI score · 0.00376 EPSS
Exploits 0 · References 5
Github Security Blog
added 2024/04/10 5:7 p.m. · 26 views

XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

Impact: It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. No...

6.8 CVSS · 6.7 AI score · 0.00376 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/04/10 5:7 p.m. · 18 views

GHSA-V782-XR4W-3VQX XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

Impact: It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. No...

6.8 CVSS · 5.7 AI score · 0.00376 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/04/10 12:0 a.m. · 6 views

PT-2024-24095 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 5.0-rc-1 through 14.10.18; XWiki Platform versions 14.10.19 through 15.5.3; XWiki Platform versions 15.5.4 through 15.9-rc-1. Description: The issue allows access to the hash of a password by using the diff feature of the...

6.8 CVSS · 7 AI score · 0.00376 EPSS
Exploits 0 · References 12
CNNVD
added 2024/04/10 12:0 a.m. · 5 views

XWiki Platform security vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that stems from the ability to access a password's hash value whenever the object storing the password is deleted, by using the diff...

6.8 CVSS · 6.6 AI score · 0.00376 EPSS
Exploits 0 · References 6
NVD
added 2024/04/05 6:15 p.m. · 10 views

CVE-2024-28065

In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash...

5.9 CVSS · 6.5 AI score · 0.0023 EPSS
Exploits 0 · References 2
CVE
added 2024/04/05 12:0 a.m. · 50 views

CVE-2024-28065

CVE-2024-28065 affects Unify CP IP Phone firmware 1.10.4.3. The issue arises because files are not encrypted and contain sensitive data such as the root password hash. CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N, base score 5.9 (Medium). Exploitation status is not provided in the documen...

5.9 CVSS · 6.8 AI score · 0.0023 EPSS
Exploits 0 · References 2
Cvelist
added 2024/04/05 12:0 a.m. · 15 views

CVE-2024-28065

In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash...

6.8 AI score · 0.0023 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/04/05 12:0 a.m. · 11 views

CVE-2024-28065

In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash...

6.9 AI score · 0.0023 EPSS
Exploits 0 · References 2
OSV
added 2024/03/28 5:53 p.m. · 23 views

GHSA-R75M-26CQ-MJXC Serverpod improved security for stored password hashes

Description: Improved security for stored password hashes. Serverpod now uses the OWASP-recommended Argon2Id password hash algorithm to store password hashes for the email authentication module. Starting from Serverpod 1.2.6 all users that either create an account or authenticate with th...

5.3 CVSS · 5.6 AI score · 0.00262 EPSS
Exploits 0 · References 4
NVD
added 2024/03/27 7:15 p.m. · 12 views

CVE-2024-29886

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

5.3 CVSS · 5.3 AI score · 0.00262 EPSS
Exploits 0 · References 2
CVE
added 2024/03/27 6:42 p.m. · 57 views

CVE-2024-29886

CVE-2024-29886 affects Serverpod; root cause is an outdated password hash algorithm vulnerable to rainbow attacks if the database is compromised. The issue is mitigated by upgrading to Serverpod 1.2.6, which switches to the Argon2id password hash algorithm for the email authentication module. Not...

5.3 CVSS · 5.2 AI score · 0.00262 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/03/27 6:42 p.m. · 29 views

CVE-2024-29886 Improved security for stored password hashes

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

5.3 CVSS · 6.7 AI score · 0.00262 EPSS
Exploits 0 · References 4
CNNVD
added 2024/03/20 12:0 a.m. · 4 views

Elspec G5 digital fault recorder security vulnerability

The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and earlier, which stems from a log file that...

7.5 CVSS · 6.9 AI score · 0.00393 EPSS
Exploits 0 · References 2
NVD
added 2024/03/11 12:15 a.m. · 9 views

CVE-2024-2365

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with...

4.2 CVSS · 3.8 AI score · 0.00277 EPSS
Exploits 1 · References 3