CVE-2023-1667

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...

Improper Cryptographic Algorithm

jose4j is vulnerable to Improper Cryptographic Algorithm. The vulnerability exists due to the way RSA15 and RSAOAEP is implemented, allowing an attacker to decrypt RSA15 or RSAOAEP encrypted ciphertexts, and in addition, it may be feasible to sign with affected keys...

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

Design/Logic Flaw

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

Fortinet FortiNAC 加密问题漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the use of a weak encryption algorithm vulnerability...

FortiNAC - SSH Weak Key Exchange Algorithm

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

Dreamer CMS 安全漏洞

Dreamer CMS is a dreamer content management system by Junnan Wang, a Chinese individual developer. A security vulnerability exists in Dreamer CMS version 4.1.3 and prior versions. An attacker exploited the vulnerability to cause a reduction in algorithm complexity...

CVE-2023-31436

qfqchangeclass in net/sched/schqfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQMINLMAX...

Improper Implementation of Interface

Lines of code Vulnerability details Impact The improper implementation of interfaces can cause unexpected behavior in the contract and lead to an unwanted state of the contract. This can potentially affect several functions. Description The DNSSECImpl contract contains two internal functions,...

LimeRAT Malware Analysis: Extracting the Config

Remote Access Trojans RATs have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...

SHA1Digest Contract Vulnerability

Lines of code Vulnerability details Impact The vulnerability is related to the use of the SHA1 hashing algorithm in the SHA1Digest contract. SHA1 is an outdated cryptographic hash function that has been deprecated by most security experts due to its weaknesses and susceptibility to collision...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1646)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

verifySignatureWithKey - RRSIG RR's Signer's Name is never checked if it matches owner name

Lines of code Vulnerability details Impact According to RFC 4035 and as mentioned in the comments in function "verifySignatureWithKey" , the Signer's name should also be checked if it matches the owner name. If the Signer's Name field of an RRSIG record does not match the owner name of a DNSKEY...

CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

Design/Logic Flaw

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

UBUNTU-CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

Fedora: Security Advisory for golang-github-cenkalti-backoff (FEDORA-2023-cb20f08a4e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...