5320 matches found
CVE-2023-23120
The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new...
CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...
CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...
Command injection
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Summary of CVE-2023-0452 : Econolite EOS before 3.2.23 uses a weak hash (MD5) to encrypt privileged credentials in a configuration file that is accessible without authentication. This can expose administrator/technician credentials and related data. The issue is documented in multiple connected s...
PT-2023-16281 · Econolite · Econolite Eos
Name of the Vulnerable Software and Affected Versions: Econolite EOS versions prior to 3.2.23 Description: The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential...
authselect bug fix update
An update is available for authselect. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The authselect package configures authentication and identity sources from...
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
...
RecollateralizationLib: Flaw in basket range calculation leads to early basket compromise and loss to RToken holders
Lines of code Vulnerability details Impact This report deals with how the recollateralization algorithm underestimates the number of baskets it can hold by calculating unnecessary costs for collateral that does not need to be traded. When this number of baskets it thinks it can hold is reached -...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
AZL-13023 CVE-2021-36647 affecting package fluent-bit for versions less than 2.0.9-1
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
CVE-2021-36647
The issue (CVE-2021-36647) is in the mbed TLS library, specifically the function mbedtls_mpi_exp_mod() in lignum.c. All affected releases prior to 3.0.0, 2.27.0, or 2.16.11 are vulnerable. The underlying problem is the use of a broken or risky cryptographic algorithm that, when an attacker has pr...
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...