
5320 matches found

Cvelist
added 2022/08/29 12:0 a.m. · 16 views

CVE-2022-37177

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence...

7.9 AI score · 0.00354 EPSS
Exploits: 1 · References: 2
OpenVAS
added 2022/08/26 12:0 a.m. · 19 views

Ubuntu: Security Advisory (USN-2415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.1 AI score · 0.05421 EPSS
Exploits: 0 · References: 2
NVD
added 2022/08/25 8:15 p.m. · 27 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5 CVSS · 0.00436 EPSS
Exploits: 0 · References: 8
OSV
added 2022/08/25 8:15 p.m. · 28 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5 CVSS · 6.5 AI score · 0.00436 EPSS
Exploits: 0 · References: 8
Prion
added 2022/08/25 8:15 p.m. · 19 views

Design/Logic Flaw

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.4 CVSS · 6.4 AI score · 0.00436 EPSS
Exploits: 0 · References: 7 · Affected Software: 7
UbuntuCve
added 2022/08/25 8:15 p.m. · 44 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5 CVSS · 6.8 AI score · 0.00436 EPSS
Exploits: 0 · References: 4
CVE
added 2022/08/25 12:0 a.m. · 175 views

CVE-2021-3979

CVE-2021-3979 concerns a key length flaw in Ceph Storage (Red Hat Ceph Storage). The attacker could exploit incorrect key length handling to produce non-random keys, potentially weakening confidentiality and integrity of encrypted disks. The connected advisories confirm this vulnerability within ...

6.5 CVSS · 6.4 AI score · 0.00436 EPSS
Exploits: 0 · References: 8 · Affected Software: 5
Debian CVE
added 2022/08/25 12:0 a.m. · 41 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5 CVSS · 6.6 AI score · 0.00436 EPSS
Exploits: 0
Cvelist
added 2022/08/25 12:0 a.m. · 37 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.8 AI score · 0.00436 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2022/08/21 12:0 a.m. · 4 views

PT-2022-19462 · Unknown · Notrinoserp

Name of the Vulnerable Software and Affected Versions: notrinoserp versions prior to v0.7 Description: The issue results in exposure of private personal information to an unauthorized actor, leading to privilege escalation to a system administrator account. This allows an attacker to gain access ...

8.8 CVSS · 8.9 AI score · 0.01105 EPSS
Exploits: 1 · References: 8
OpenVAS
added 2022/08/19 12:0 a.m. · 17 views

Fedora: Security Advisory for rsync (FEDORA-2022-25e4dbedf9)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4 CVSS · 9.1 AI score · 0.0165 EPSS
Exploits: 1 · References: 2
Wired Threat Level
added 2022/08/18 9:42 p.m. · 26 views

Spyware Hunters Are Expanding Their Tool Set

This invasive malware isn’t just for phones—it can target your PC too. But a new batch of algorithms aims to weed out this threat...

1.9 AI score
Exploits: 0
BDU FSTEC
added 2022/08/18 12:0 a.m. · 5 views

The vulnerability in the implementation of the SSLContext class in My Cloud OS operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SSLContext class implementation in My Cloud OS networking storage operating systems is related to the choice of a less secure algorithm during negotiation processes. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

7.3 CVSS · 7.1 AI score · 0.00183 EPSS
Exploits: 0 · References: 3 · Affected Software: 8
Tenable Nessus
added 2022/08/17 12:0 a.m. · 44 views

SUSE SLED15: ceph / ceph-base / ceph-common / ceph-fuse / etc (SUSE-SU-2022:2818-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2818-1 advisory. - Update to 16.2.9-536-g41a9f9a5573: - bsc1195359, bsc1200553 rgw: check bucket shard init status in...

6.5 CVSS · 6.9 AI score · 0.00436 EPSS
Exploits: 0 · References: 9
The Hacker News
added 2022/08/11 3:4 p.m. · 56 views

Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful...

1.1 AI score
Exploits: 0
Snyk
added 2022/08/11 11:43 a.m. · 4 views

Malicious Package

Overview: ot-daily-algorithm is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

9.8 CVSS · 7.1 AI score
Exploits: 0 · References: 3
Rockylinux
added 2022/08/09 9:36 a.m. · 18 views

podman bug fix and enhancement update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The podman tool manages pods, container images, and containers. It is part of...

1 AI score
Exploits: 0
ICS
added 2022/08/09 12:0 a.m. · 164 views

Emerson OpenBSI

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: OpenBSI Vulnerabilities: Use of Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key CISA is aware of a public report, “OT:ICEFALL,” that details...

5.5 CVSS · 6.6 AI score · 0.00425 EPSS
Exploits: 0 · References: 5
OpenVAS
added 2022/08/08 12:0 a.m. · 25 views

DNN (DotNetNuke) < 9.3.0 Multiple Vulnerabilities

DNN (formerly DotNetNuke) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS · 7.7 AI score · 0.74048 EPSS
Exploits: 5 · References: 5
The Hacker News
added 2022/08/06 8:44 a.m. · 41 views

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to othe...

1 AI score
Exploits: 0