
5312 matches found

Securelist
added 2024/11/06 10:0 a.m. | 18 views

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Introduction In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular...

7.8 CVSS | 7.7 AI score | 0.00605 EPSS
Exploits: 2

SUSE CVE
added 2024/11/06 3:49 a.m. | 1 view

SUSE CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

5.5 CVSS | 7.6 AI score | 0.00252 EPSS
Exploits: 0 | References: 19

OSV
added 2024/11/05 6:15 p.m. | 1 view

DEBIAN-CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

5.5 CVSS | 5.7 AI score | 0.00252 EPSS
Exploits: 0 | References: 1

OSV
added 2024/11/05 6:15 p.m. | 3 views

AZL-52526 CVE-2024-50110 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

5.5 CVSS | 6.3 AI score | 0.00252 EPSS
Exploits: 0 | References: 1

OSV
added 2024/11/05 6:15 p.m. | 0 views

UBUNTU-CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

5.5 CVSS | 6.1 AI score | 0.00252 EPSS
Exploits: 0 | References: 34

Vulnrichment
added 2024/11/05 5:10 p.m. | 1 view

CVE-2024-50110 xfrm: fix one more kernel-infoleak in algo dumping

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30 copytoiter+0x598/0x2a30 skbdatagramiter+0x168/0x1060...

7.5 AI score | 0.00252 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2024/11/02 3:57 a.m. | 2 views

SUSE CVE-2024-33662

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...

7.5 CVSS | 7 AI score | 0.00284 EPSS
Exploits: 0 | References: 5

Snyk
added 2024/10/31 5:12 p.m. | 1 view

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm through the generateUserLink function. This could lead to account takeover, which can lead to theft of sensitive data, modification of website content, addition/deletion of administrator...

9.9 CVSS | 6.8 AI score | 0.00368 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2024/10/31 5:12 p.m. | 25 views

YesWiki Uses a Broken or Risky Cryptographic Algorithm

Summary The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. Details Firstly, the salt used to hash the password reset key is hard-coded in the includes/services/UserManager.php file...

9.9 CVSS | 6.8 AI score | 0.00368 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2024/10/31 5:12 p.m. | 10 views

GHSA-4FVX-H823-38V3 YesWiki Uses a Broken or Risky Cryptographic Algorithm

Summary The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. Details Firstly, the salt used to hash the password reset key is hard-coded in the includes/services/UserManager.php file...

9.9 CVSS | 9.5 AI score | 0.00368 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2024/10/31 4:15 p.m. | 18 views

CVE-2024-51478 Use of a Broken or Risky Cryptographic Algorithm in YesWiki

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...

9.9 CVSS | 9.2 AI score | 0.00368 EPSS
Exploits: 1 | References: 3

CVE
added 2024/10/31 4:15 p.m. | 65 views

CVE-2024-51478

YesWiki (PHP) prior to version 4.4.5 is vulnerable due to use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, enabling recovery and reuse to reset any account’s password. The issue is fixed in 4.4.5. A PoC and multiple advisories (GHSA-4FVX-H823-38V3, V...

9.9 CVSS | 9.2 AI score | 0.00368 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/10/31 4:15 p.m. | 36 views

CVE-2024-51478 Use of a Broken or Risky Cryptographic Algorithm in YesWiki

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...

9.9 CVSS | 0.00368 EPSS
Exploits: 1 | References: 3

OSV
added 2024/10/31 4:15 p.m. | 32 views

CVE-2024-51478 Use of a Broken or Risky Cryptographic Algorithm in YesWiki

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...

9.9 CVSS | 6.6 AI score | 0.00368 EPSS
Exploits: 1 | References: 5

OSV
added 2024/10/31 12:0 p.m. | 9 views

RUSTSEC-2024-0379 Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package published. 2. Many functions marked as safe with non-local safety guarantees. The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2 AI score
Exploits: 0 | References: 5

Fedora
added 2024/10/26 3:2 a.m. | 9 views

[SECURITY] Fedora 41 Update: oath-toolkit-2.6.12-1.fc41

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

7.1 CVSS | 7.4 AI score | 0.00341 EPSS
Exploits: 0

Positive Technologies
added 2024/10/24 12:0 a.m. | 7 views

PT-2024-40926 · Pqcrypto · Pqcrypto

Name of the Vulnerable Software and Affected Versions: pqcrypto crate affected versions not specified Description: The pqcrypto crate has been replaced by pqcrypto-mldsa, which provides a FIPS204-compatible implementation of ML-DSA. Recommendations: At the moment, there is no information about a...

7 AI score
Exploits: 0 | References: 3

Fedora
added 2024/10/19 1:54 a.m. | 11 views

[SECURITY] Fedora 40 Update: oath-toolkit-2.6.12-1.fc40

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

7.1 CVSS | 7.8 AI score | 0.00341 EPSS
Exploits: 0

Fedora
added 2024/10/19 1:20 a.m. | 10 views

[SECURITY] Fedora 39 Update: oath-toolkit-2.6.12-1.fc39

The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

7.1 CVSS | 7.8 AI score | 0.00341 EPSS
Exploits: 0

NVD
added 2024/10/18 9:15 p.m. | 8 views

CVE-2024-10128

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been...

5.1 CVSS | 0.00365 EPSS
Exploits: 1 | References: 3