5314 matches found

Mageia
added 2024/06/25 4:12 p.m., 47 views

Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

CVSS 7.5, AI score 7.2, EPSS 0.00382
Exploits: 1, References: 2

OSV
added 2024/06/25 4:12 p.m., 12 views

MGASA-2024-0238 Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

CVSS 7.5, AI score 6.9, EPSS 0.00382
Exploits: 1, References: 3

NVD
added 2024/06/24 1:15 p.m., 22 views

CVE-2024-3264

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before 1.0.14...

CVSS 5.3, EPSS 0.00207
Exploits: 0, References: 2

Vulnrichment
added 2024/06/24 12:45 p.m., 10 views

CVE-2024-3264 Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before 1.0.14...

CVSS 5.3, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 2

CVE
added 2024/06/24 12:45 p.m., 47 views

CVE-2024-3264

CVE-2024-3264 concerns Mia Technology’s Mia-Med Health Application. Multiple connected sources describe a vulnerability arising from the use of a broken or risky cryptographic algorithm that enables signature spoofing due to improper validation/authentication. The affected product is reported as ...

CVSS 5.3, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 2

CVE
added 2024/06/24 9:4 a.m., 54 views

CVE-2024-36496

CVE-2024-36496 affects Faronics WINSelect (Standard + Enterprise) with vulnerable configurations prior to 8.30.xx.903. The issue arises from encrypting the configuration file using a static key derived from a static five-character password. That password is hashed with MD5 (no salt), and the firs...

CVSS 7.5, AI score 7.6, EPSS 0.00693
Exploits: 1, References: 3

Cvelist
added 2024/06/24 7:11 a.m., 34 views

CVE-2024-24554 Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

CVSS 6, EPSS 0.00242
Exploits: 0, References: 1

CNNVD
added 2024/06/24 12:0 a.m., 4 views

Bludit Security Breach

Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit that stems from the use of the SHA-1 hash algorithm to calculate password hashes, which an attacker can brute-force to determine plaintext passwords...

CVSS 5.9, AI score 6.9, EPSS 0.00217
Exploits: 0, References: 3

Positive Technologies
added 2024/06/24 12:0 a.m., 5 views

PT-2024-27030 · Faronics · Winselect

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: The issue concerns the encryption of a configuration file using a static key derived from a static five-character password. This password is hashed with the outdated MD5 algorithm, which i...

CVSS 7.5, AI score 7, EPSS 0.00693
Exploits: 1, References: 6

RedHat Linux
added 2024/06/20 12:39 p.m., 5 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

CVSS 5.9, AI score 7.3, EPSS 0.00661
Exploits: 0, References: 11

OSV
added 2024/06/20 3:15 a.m., 13 views

CVE-2024-5213

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after account creation (POST /api/admin/users/new). This exposure occurs because the entire User object,...

CVSS 6.5, AI score 5.3
Exploits: 0, References: 2

Vulnrichment
added 2024/06/20 2:15 a.m., 15 views

CVE-2024-5213 Exposure of Sensitive Information in mintplex-labs/anything-llm

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after account creation (POST /api/admin/users/new). This exposure occurs because the entire User object,...

CVSS 5.3, AI score 6.6, EPSS 0.00462
Exploits: 1, References: 2

Tenable Nessus
added 2024/06/19 12:0 a.m., 28 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2024:2064-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2064-1 advisory.
- Update to version 1.3.1
- CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys...

CVSS 7.5, AI score 7.3, EPSS 0.00382
Exploits: 1, References: 4

Securelist
added 2024/06/18 11:30 a.m., 18 views

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

AI score 6.9
Exploits: 0

OSV
added 2024/06/18 11:14 a.m., 13 views

SUSE-SU-2024:2064-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues:
- Update to version 1.3.1
- CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys. bsc1226138...

CVSS 7.5, AI score 7.5, EPSS 0.00382
Exploits: 1, References: 3

CNVD
added 2024/06/18 12:0 a.m., 7 views

Adobe ColdFusion Weak Algorithm Vulnerability

Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a weak algorithm vulnerability that stems from the presence of weak...

CVSS 5.5, AI score 6.5, EPSS 0.00335
Exploits: 0, References: 1

Cvelist
added 2024/06/16 12:0 a.m., 22 views

CVE-2024-38443

C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements...

EPSS 0.0016
Exploits: 0, References: 1

CVE
added 2024/06/16 12:0 a.m., 46 views

CVE-2024-38443

CVE-2024-38443 affects The Algorithms – C, specifically the binary_insertion_sort.c implementation across the e5dad3f release, where a segmentation fault occurs due to deep recursion. The impact is noted for common use cases like sorting an array of ~50 elements, implying potential stack overflow...

CVSS 6.2, AI score 7, EPSS 0.0016
Exploits: 0, References: 1

NVD
added 2024/06/14 4:15 a.m., 17 views

CVE-2024-27161

All the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. An insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult t...

CVSS 6.2, EPSS 0.00156
Exploits: 1, References: 4

CVE
added 2024/06/14 3:37 a.m., 51 views

CVE-2024-27161

CVE-2024-27161 concerns Toshiba multifunction printers (MFPs) with programs containing a hardcoded key used to encrypt files. The root cause is the use of a hardcoded credential and insecure encryption, allowing an attacker who can access the device to decrypt stored/files by using that key. Seve...

CVSS 6.2, AI score 6.9, EPSS 0.00156
Exploits: 1, References: 4