5309 matches found
CVE-2025-27595 Weak hashing alghrythm
The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device...
CVE-2025-27595 Weak hashing alghrythm
The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device...
IBM Security QRadar 加密问题漏洞
IBM Security QRadar is a modernized threat detection and response solution from International Business Machines IBM, Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. IBM Security QRadar version 3.12 EDR suffer...
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
...
Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2015-1788)
The BNGF2mmodinv function in crypto/bn/bngf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...
CVE-2025-27508 Emissary Use of a Broken or Risky Cryptographic Algorithm
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...
Linux Distros Unpatched Vulnerability : CVE-2024-33663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. CVE-2024-33663 Note that...
Linux Distros Unpatched Vulnerability : CVE-2021-36647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11...
Linux Distros Unpatched Vulnerability : CVE-2021-42574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
Linux Distros Unpatched Vulnerability : CVE-2021-3979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to...
Linux Distros Unpatched Vulnerability : CVE-2015-2808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes...
Linux Distros Unpatched Vulnerability : CVE-2014-8147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU...
Linux Distros Unpatched Vulnerability : CVE-2013-2566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct...
Linux Distros Unpatched Vulnerability : CVE-2019-16370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has th...
Linux Distros Unpatched Vulnerability : CVE-2014-8146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU...
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. Details This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...
Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
TikTok: Major investigation launched into platform’s use of children’s data
TikTok is the subject of yet another major investigation, reports BBC News. This time around, the UK’s Information Commissioner's Office ICO is going to look at how the data of 13 to 17-year-olds feeds the algorithm that decides what further content to show. The ICO introduced a children’s code f...
Linux Distros Unpatched Vulnerability : CVE-2010-3614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security...