5314 matches found

Cvelist
added 2024/03/27 6:42 p.m. | 20 views

CVE-2024-29886 Improved security for stored password hashes

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

CVSS 5.3 | AI score 5.5 | EPSS 0.00262
Exploits 0 | References 2

OSV
added 2024/03/27 6:42 p.m. | 29 views

CVE-2024-29886 Improved security for stored password hashes

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

CVSS 5.3 | AI score 6.7 | EPSS 0.00262
Exploits 0 | References 4

NVD
added 2024/03/27 3:15 a.m. | 17 views

CVE-2024-25389

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c...

CVSS 7.5 | AI score 6.6 | EPSS 0.00816
Exploits 0 | References 6

OSV
added 2024/03/27 3:15 a.m. | 21 views

CVE-2024-25389

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c...

CVSS 7.5 | AI score 6.9
Exploits 0 | References 6

Vulnrichment
added 2024/03/27 12:0 a.m. | 14 views

CVE-2024-25389

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c...

AI score 6.9 | EPSS 0.00816
Exploits 0 | References 5

CVE
added 2024/03/27 12:0 a.m. | 82 views

CVE-2024-25389

The CVE-2024-25389 entry concerns RT-Thread up to version 5.0.2, where the function calc_random (rt_random.c) uses a weak linear congruential generator seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;. This results in predictable random numbers and thus potential exploitation...

CVSS 7.5 | AI score 6.8 | EPSS 0.00816
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2024/03/27 12:0 a.m. | 16 views

CVE-2024-25389

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c...

AI score 6.8 | EPSS 0.00816
Exploits 0 | References 5

OSV
added 2024/03/26 6:3 p.m. | 9 views

CLSA-2024-1711475067 libssh: Fix of 2 CVEs

CVE-2023-1667: fix possible NULL-pointer dereference during re-keying with algorithm guessing - CVE-2023-48795: fix the prefix truncation attack on Binary Packet Protocol...

CVSS 6.5 | AI score 7 | EPSS 0.94072
Exploits 4 | References 1

CNVD
added 2024/03/26 12:0 a.m. | 21 views

IBM Security Verify Directory Encryption Issue Vulnerability

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines (IBM). IBM Security Verify Directory version 10.0.0 suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...

CVSS 6.5 | AI score 6.6 | EPSS 0.0018
Exploits 0 | References 1

OSV
added 2024/03/22 11:7 a.m. | 2 views

OESA-2024-1306 golang security update

The Go Programming Language. Security Fixes: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com...

CVSS 6.5 | AI score 7.4 | EPSS 0.01156
Exploits 0 | References 5

RedhatCVE
added 2024/03/20 9:8 p.m. | 34 views

CVE-2023-50967

A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker to set a large number of PBKDF2' iterations, triggering an uncontrolled resource consumption that impacts...

CVSS 7.5 | AI score 6.7 | EPSS 0.01383
Exploits 1 | References 3

Veracode
added 2024/03/20 5:40 a.m. | 17 views

Weak Cryptographic Hash

Liferay Portal is vulnerable to Weak Cryptographic Hash. The vulnerability exists due to the default password hashing algorithm PBKDF2-HMAC-SHA1 having a low work factor in the Liferay Portal. It allows attackers to crack password hashes quickly, potentially compromising user accounts and gaining...

CVSS 8.1 | AI score 7.1 | EPSS 0.00324
Exploits 0 | References 2 | Affected Software 4

CNVD
added 2024/03/19 12:0 a.m. | 7 views

IBM CICS TX Standard and Advanced suffers from a cryptographic problem vulnerability (CNVD-2024-15366)

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard and Advanced has a cryptographic issue vulnerability that stems...

CVSS 7.5 | AI score 6.3 | EPSS 0.00486
Exploits 0 | References 1

0day.today
added 2024/03/18 12:0 a.m. | 420 views

LaborOfficeFree 19.10 - MySQL Root Password Calculator Exploit

Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on: Windows 10 CVE : CVE-2024-1346...

CVSS 6.8 | AI score 6.7 | EPSS 0.00392
Exploits 5

Tenable Nessus
added 2024/03/18 12:0 a.m. | 39 views

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-24587)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 2.6 | AI score 6.9 | EPSS 0.02592
Exploits 2 | References 10

Tenable Nessus
added 2024/03/18 12:0 a.m. | 26 views

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26139)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 5.3 | AI score 6.9 | EPSS 0.06487
Exploits 0 | References 10

Tenable Nessus
added 2024/03/18 12:0 a.m. | 25 views

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26140)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 6.5 | AI score 7.2 | EPSS 0.02923
Exploits 0 | References 10

Tenable Nessus
added 2024/03/18 12:0 a.m. | 24 views

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26141)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 6.5 | AI score 6.9 | EPSS 0.03072
Exploits 0 | References 10

Tenable Nessus
added 2024/03/18 12:0 a.m. | 36 views

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26146)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 5.3 | AI score 7.2 | EPSS 0.05622
Exploits 0 | References 10

Tenable Nessus
added 2024/03/18 12:0 a.m. | 37 views

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-26143)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

CVSS 6.5 | AI score 7.2 | EPSS 0.04173
Exploits 0 | References 10