2438 matches found
USN-8352-1: LibreOffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
Ubuntu 22.04 LTS / 24.04 LTS : LibreOffice vulnerability (USN-8340-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8340-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use...
Fedora 44 : perl-Crypt-PasswdMD5 (2026-30d86fe986)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-30d86fe986 advisory. This update uses a cryptographically strong random number source rather than perl's rand function to generate random salt values when required CVE-2026-6659...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CVE-2019-9053 — Unauthenticated SQL Injection in CMS Made Simp...
CVE-2026-9370
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-45787 electerm's encrypt method not safe enough
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...
CVE-2026-45787
The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...
CVE-2026-45787 electerm's encrypt method not safe enough
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...
USN-8340-1 libreoffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-8340-1: LibreOffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
Electerm 安全漏洞
Electerm is a SSH/SFTP client developed by ZXDong262 of China, based on Electron. Versions of Electerm prior to 3.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a fixed-zero IV, a constant KDF salt, and no MAC generation in the deterministic AES-192-CBC...
CVE-2026-45027
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
EUVD-2026-32565
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, login.php hashes the submitted password with PHP hash(…, 'SHA-256') and no salt, and the password-change flow uses the same pattern. SHA-256 is a fast general-purpose hash, not ideal for password storage, so identical...
PT-2026-44042
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
Malicious code in aes-decode-runner-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84e76208311859e852fea114c26e1eff1202eeff9a463707c5ae0deec68725c aes-decode-runner-pro ships an opaque 326-byte AES-GCM ciphertext DEFAULTFINALENCODEDTEXT in src/config/defaults.js along with a hardcoded passphrase...