5321 matches found
openssl: NULL dereference during PKCS7 data verification
A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...
Oracle Linux 9 : python3.9 (ELSA-2023-0953)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0953 advisory. 3.9.14-1.2 - Security fix for CVE-2022-45061 Resolves: rhbz2144072 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2022-23541
A flaw was found in the jsonwebtoken library. Affected versions of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function will result in incorrect verification of tokens. Using a different algorithm and key combination in verification than what was...
CVE-2022-23540
A flaw was found in the jsonwebtoken library. In affected versions of the jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify function may lead to signature validation bypass due to defaulting to the none algorithm for signature verification...
Authentication flaw
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...
CVE-2023-23040
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...
Debian dla-3327 : libnss3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3327 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3327-1 [email protected]...
CVE-2023-23040
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...
Oracle Linux 8 : python3 (ELSA-2023-0833)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0833 advisory. 3.6.8-48.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-48.1 - Security fixes for CVE-2020-10735, CVE-2021-28861 and...
K16938: OpenSSL vulnerability CVE-2015-1788
Security Advisory Description The BNGF2mmodinv function in crypto/bn/bngf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows...
K15578: MD5 Message-Digest Algorithm vulnerability CVE-2004-2761
Security Advisory Description The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. CVE-2004-2761 Impact A...
K95698826: LZO vulnerability CVE-2014-4607
Security Advisory Description An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cau...
K14638: TLS/SSL RC4 vulnerability CVE-2013-2566
Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same...
K74013101: Binutils vulnerability CVE-2021-42574
Security Advisory Description An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of...
K25244852: BIND vulnerability CVE-2018-5745
Security Advisory Description "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses...
K54022413: GnuTLS vulnerability CVE-2015-0294
Security Advisory Description GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVE-2015-0294 Impact GnuTLS does not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different...
K16864: SSL/TLS RC4 vulnerability CVE-2015-2808
Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream...
K15513: LZ4 vulnerability CVE-2014-4611
Security Advisory Description Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4uncompress function in lib/lz4/lz4decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial ...
K52559937: Overview of NGINX vulnerabilities (May 2021)
Security Advisory Description On May 25, 2021, NGINX announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your NGINX systems. The details of each issue can be found in the associated Security Advisory...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...