135 matches found
Milesight AIOT cameras security vulnerability
Milesight AIOT cameras are a series of intelligent monitoring cameras developed by the Chinese company Milesight, which integrates artificial intelligence and IoT technologies. There are security vulnerabilities in Milesight AIOT cameras, and these vulnerabilities stem from the generation of weak...
OpenClaw security vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained a security vulnerability. This vulnerability stemmed from the lack of rate limiting in Nextcloud Talk’s webhook authentication process, which could allow attackers ...
CVE-2026-33488 AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...
MiracleLinux 9 : libreoffice-7.1.8.1-8.el9.ML.1 (AXSA:2023-5035:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5035:03 advisory. libreoffice: Macro URL arbitrary script execution (CVE-2022-3140); libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation...
MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.151-1.b12.AXS4 (AXSA:2017-2337:08)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2337:08 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...
Apache Druid security vulnerability
Apache Druid is an open source, column-oriented distributed database from the American Apache Foundation, written in the Java language. A security vulnerability exists in Apache Druid version 34.0.0 and earlier, which stems from the use of weak fallback keys by the Kerberos authenticator, which coul...
EUVD-2019-6155
Malware in sbrugna...
EUVD-2008-3268
Malware in sbrugna...
EUVD-2016-4177
Malware in sbrugna...
EUVD-2005-2644
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-5493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier fo...
Inadequate Encryption Strength
Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature (JWS) implementation not meeting recommended security standards. Remediation: Upgrade pyjwt to version 2.11.0 or higher. References: - GitHub...
CVE-2008-3280
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...
Google Pixel security vulnerability
Google Pixel is a smartphone from Google (USA). Google Pixel suffers from a security vulnerability that stems from the fact that an incorrect implementation may lead to the generation of weak RSA key pairs, resulting in a cryptographic vulnerability...
Java JWT security vulnerability
Java JWT (JJWT) is an open source JSON Web Token library from jwtk for Java and Android. A security vulnerability exists in Java JWT (JJWT) version 0.12.5, which stems from a security issue in the setSigningKey method in the DefaultJwtParser class and in the signWith method in the DefaultJwtBuilder class, which omits...
CVE-2023-27172
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a brute-force attack...
DEBIAN-CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
Mellon - OSDP Attack Tool
OSDP attack tool and the Elvish word for friend. Attack 1: Encryption is Optional. OSDP supports, but doesn't strictly require, encryption. So your connection might not even be encrypted at all. Attack 1 is just to passively listen and see if you can read the card numbers on the wire. Attack 2:...
Debian: Security Advisory (DLA-0003-1)
The remote host is missing an update for the Debian...
SUSE CVE-2014-9293
The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...