Fedora: Security Advisory for golang-github-cespare-xxhash (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-nbutton23-zxcvbn (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-pkg-diff-0-0.4.20210406git20ebb0f.fc36

Module github.com/pkg/diff can be used to create, modify, and print diffs. The top level package, diff, contains convenience functions for the most comm on uses. The subpackages provide very fine-grained control over every aspect: - myers: creates diffs using the Myers diff algorithm. - edit:...

[SECURITY] Fedora 36 Update: golang-github-oneofone-xxhash-1.2.8-5.fc36

This is a native Go implementation of the excellent xxhash algorithm, an extremely fast non-cryptographic Hash algorithm, working at speeds close to R AM limits...

[SECURITY] Fedora 36 Update: golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc36

Zxcvbn password complexity algorithm in golang...

[SECURITY] Fedora 36 Update: golang-github-cespare-xxhash-2.1.2-3.fc36

xxhash is a Go implementation of the 64-bit xxHash algorithm, XXH64. This is a high-quality hashing algorithm that is much faster than anything in the Go standard library...

Mageia: Security Advisory (MGASA-2022-0244)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated python-pyjwt packages fix security vulnerability

An attacker submitting the JWT token can choose the used signing algorithm CVE-2022-29217...

MGASA-2022-0244 Updated python-pyjwt packages fix security vulnerability

An attacker submitting the JWT token can choose the used signing algorithm CVE-2022-29217...

Design/Logic Flaw

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access...

CVE-2022-31230

The CVE-2022-31230 entry concerns Dell PowerScale OneFS (versions 8.2.x–9.2.x) with a broken or risky cryptographic algorithm. The vulnerability could allow a remote unprivileged attacker to gain full system access. The issue is documented in NVD and supported by Dell EMC advisory DSA-2022-118. T...

CVE-2022-31230

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access...

Motorola Solutions MDLC

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MDLC Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Plaintext Storage of a Password CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found...

Brave Search wants to replace Google’s biased search results with yours

Brave Search, Brave Softwares privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default search engine for all Brave browser users. Goodbye, Google? Not entirely. In May 2015, Mozilla alumni Brendan Eich and...

The vulnerability of the Motorola Data Link Communication protocol’s implementation lies in the use of the Tiny Encryption Algorithm (TEA) in the ECB mode. This allows a intruder to gain unauthorized access to the protected information.

The vulnerability of the Motorola Data Link Communication MDLC protocol lies in the use of the Tiny Encryption Algorithm TEA for block encryption in the ECB mode. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...

Malicious Package

Overview git-dependency-maker is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

PT-2022-3092 · Motorola · Motorola Mdlc Protocol

Name of the Vulnerable Software and Affected Versions: Motorola MDLC protocol through 2022-05-02 Description: The issue is related to the Motorola MDLC protocol's handling of message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption...

Hertzbleed: A New Side-Channel Attack

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but its not generally viable because measuring power consumption is often hard. This new attack measures power consumption ...

Maker buy order with no specified NFT tokenIds may get fulfilled in matchOneToManyOrders without receiving any NFT

Lines of code Vulnerability details The call stack: matchOneToManyOrders - matchOneMakerSellToManyMakerBuys - execMatchOneMakerSellToManyMakerBuys - execMatchOneToManyOrders - transferMultipleNFTs Based on the context, a maker buy order can set OrderItem.tokens as an empty array to indicate that...

GHSA-978J-88F3-P5J3 Threshold value is ignored (all shares are n=3)

Affected versions of this crate did not properly calculate secret shares requirements. This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold...