
5318 matches found

Debian CVE
added 2023/04/21 12:0 a.m. | 15 views

CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

7.5 CVSS | 7.5 AI score | 0.00492 EPSS
Exploits 1

OSV
added 2023/04/20 5:15 p.m. | 1 views

ALPINE-CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

5.9 CVSS | 6.9 AI score | 0.00953 EPSS
Exploits 0 | References 1

Fedora
added 2023/04/20 2:54 a.m. | 33 views

[SECURITY] Fedora 37 Update: golang-github-cenkalti-backoff-4.2.0-2.fc37

This is a Go port of the exponential backoff algorithm from Google's HTTP Client Library for Java. Exponential backoff is an algorithm that uses feedback to multiplicatively decrease the rate of some process, in order to gradually find an acceptable rate. The retries exponentially increase and st...

7.5 CVSS | 8.2 AI score | 0.04561 EPSS
Exploits 0

BDU FSTEC
added 2023/04/20 12:0 a.m. | 4 views

The vulnerability of the microprogramming software for Schneider Electric’s logic controllers for building and facility control systems, namely Schneider Electric’s spaceLYnk and Schneider Electric’s homeLYnk, stems from the use of an unreliable cryptographic algorithm. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the microprogramming software used in Schneider Electric’s logic controllers for building and facility control, such as Schneider Electric’s spaceLYnk and homeLYnk, is related to the use of an unreliable cryptographic algorithm. Exploiting this vulnerability could allow an...

4.6 CVSS | 7.8 AI score | 0.00632 EPSS
Exploits 0 | References 3 | Affected Software 2

IBM Security Bulletins
added 2023/04/14 2:32 p.m. | 33 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Integrated Management Module II (IMM2) for BladeCenter, System x and FLEX Systems (CVE-2015-7575)

Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLEX Systems. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLE...

5.9 CVSS | 5.9 AI score | 0.0288 EPSS
Exploits 0 | Affected Software 1

CNVD
added 2023/04/12 12:0 a.m. | 8 views

Apache Linkis Weak Algorithm Vulnerability

Apache Linkis is a library of the U.S. Apache Foundation. Helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and earlier versions have a weak algorithmic vulnerability that stems from an oversimplified default token generated during Linkis Gateway...

9.1 CVSS | 6.6 AI score | 0.00811 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2023/04/12 12:0 a.m. | 42 views

Oracle Linux 9 : curl (ELSA-2023-1701)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1701 advisory. 7.76.1-19.el91.2 - fix HTTP multi-header compression denial of service CVE-2023-23916 Tenable has extracted the preceding description block directly from the...

6.5 CVSS | 6.7 AI score | 0.01703 EPSS
Exploits 1 | References 2

Exploit DB
added 2023/04/06 12:0 a.m. | 248 views

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Exploit Title: Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production...

7.4 AI score
Exploits 0

NVD
added 2023/04/04 2:15 a.m. | 12 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.5 CVSS | 7.5 AI score | 0.00729 EPSS
Exploits 1 | References 1

OSV
added 2023/04/04 2:15 a.m. | 17 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.5 CVSS | 7 AI score
Exploits 0 | References 1

Prion
added 2023/04/04 2:15 a.m. | 18 views

Design/Logic Flaw

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

5 CVSS | 7.5 AI score | 0.00729 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2023/04/04 12:0 a.m. | 41 views

CVE-2023-26855

CVE-2023-26855 concerns ChurchCRM v4.5.3, where the hashing algorithm uses a non-random salt. This weakens password security because attackers could leverage precomputed hash tables or dictionary attacks to crack hashes. The related documents consistently identify the vulnerable component as the ...

7.5 CVSS | 7.4 AI score | 0.00729 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2023/04/04 12:0 a.m. | 18 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.7 AI score | 0.00729 EPSS
Exploits 1 | References 1

CNNVD
added 2023/04/04 12:0 a.m. | 4 views

ChurchCRM Security Feature Issue Vulnerability

ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3 that stems from the program's hashing algorithm utilizing non-random salt values. An attacker exploiting this vulnerability could break a hashed password by using a pre-computed hash...

7.5 CVSS | 7.3 AI score | 0.00729 EPSS
Exploits 1 | References 2

OSV
added 2023/04/03 9:15 p.m. | 3 views

CVE-2023-29218

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited...

7.5 CVSS | 5.9 AI score | 0.01091 EPSS
Exploits 0 | References 6

NVD
added 2023/04/03 9:15 p.m. | 13 views

CVE-2023-29218

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited...

7.5 CVSS | 7.5 AI score | 0.01091 EPSS
Exploits 0 | References 6

Prion
added 2023/04/03 9:15 p.m. | 16 views

Design/Logic Flaw

DISPUTED The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...

5 CVSS | 7.5 AI score | 0.01091 EPSS
Exploits 0 | References 6 | Affected Software 1

Malwarebytes
added 2023/04/03 9:45 a.m. | 20 views

TikTok: What’s going on and should I be worried?

Since 2020, several governments and organizations have banned, or considered banning, the immensely popular social media app TikTok from their staff's devices. With all these alarming bells ringing, we thought it might be handy to break down what we know and see if we can plot a sensible strategy...

6.4 AI score
Exploits 0

VulnCheck KEV
added 2023/04/03 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2021-27877

Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...

9.8 CVSS | 7.4 AI score | 0.6491 EPSS
Exploits 4 | References 1

Vulnrichment
added 2023/04/03 12:0 a.m. | 5 views

CVE-2023-29218

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited...

6.9 AI score | 0.01091 EPSS
Exploits 0 | References 6