Lucene search

5320 matches found

CVE
added 2022/06/07 6:18 p.m. | 68 views

CVE-2022-30740

CVE-2022-30740 describes an improper auto-fill algorithm in Samsung Internet on Android prior to version 17.0.1.69 that can allow a physical attacker to guess stored credit card numbers. The vulnerability originates from how autofill data is managed, enabling local/physical access exploitation w...

4.3 CVSS | 4.3 AI score | 0.00215 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/06/07 6:18 p.m. | 21 views

CVE-2022-30740

Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers...

4.1 CVSS | 4.7 AI score | 0.00215 EPSS
Exploits 0 | References 1
OpenVAS
added 2022/06/07 12:0 a.m. | 33 views

Elastic Elasticsearch Java Vulnerability (ESA-2022-06)

Elastic Elasticsearch is prone to a vulnerability in Java. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:elasticsearch"...

7.5 CVSS | 7.8 AI score | 0.46677 EPSS
Exploits 6 | References 1
Malwarebytes
added 2022/06/06 11:26 p.m. | 22 views

Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool

This blog is part of our live coverage from RSA Conference 2022: Prometheus—a ransomware build based on Thanos that locked up victims’ computers in the summer of 2021—included a major “vulnerability” that led security researchers at IBM to try and build a one-size-fits-all ransomware decryptor th...

0.1 AI score
Exploits 0
OSV
added 2022/06/05 10:15 p.m. | 10 views

CVE-2022-32296

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...

3.3 CVSS | 7.9 AI score
Exploits 0 | References 6
UbuntuCve
added 2022/06/05 10:15 p.m. | 60 views

CVE-2022-32296

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...

3.3 CVSS | 6.8 AI score | 0.00426 EPSS
Exploits 1 | References 20
Veracode
added 2022/06/03 7:20 a.m. | 14 views

Timing Attack

ezsystems/ezplatform-kernel is vulnerable to timing attacks. The vulnerability exists because the library uses random execution time, which is not a secure enough algorithm to be used when authenticating users into the system, resulting in sensitive user information disclosure...

3.9 AI score
Exploits 0
NVD
added 2022/06/02 2:15 p.m. | 14 views

CVE-2022-29729

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page...

7.5 CVSS | 0.01418 EPSS
Exploits 2 | References 2
Prion
added 2022/06/02 2:15 p.m. | 20 views

Default credentials

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page...

5 CVSS | 7.6 AI score | 0.01418 EPSS
Exploits 2 | References 2 | Affected Software 1
Kitploit
added 2022/05/29 12:30 p.m. | 27 views

Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide vi...

7.2 AI score
Exploits 0 | References 1
Cvelist
added 2022/05/27 12:56 p.m. | 18 views

CVE-2022-29729

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page...

7.8 AI score | 0.01418 EPSS
Exploits 2 | References 2
BDU FSTEC
added 2022/05/26 12:0 a.m. | 5 views

The vulnerability of the Libgcrypt cryptographic library, which stems from the use of a weak cryptographic algorithm. This allows attackers to gain access to confidential information.

The vulnerability of the Libgcrypt cryptographic library lies in the use of a weak cryptographic algorithm. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential information...

7.8 CVSS | 6.8 AI score | 0.02342 EPSS
Exploits 0 | References 12 | Affected Software 7
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 16 views

Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithm...

7.5 CVSS | 6.4 AI score | 0.00792 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 23 views

Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by weak crypto algorithm (CVE-2020-4379)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4379 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorith...

7.5 CVSS | 1.1 AI score | 0.00792 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 19 views

Security Bulletin: IBM Elastic Storage System 3000 is affected by weak crypto algorithm (CVE-2020-4349)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI that could allow an unauthorised user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4349 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 throu...

7.5 CVSS | 0.7 AI score | 0.00792 EPSS
Exploits 0 | Affected Software 1
NVD
added 2022/05/25 2:15 p.m. | 23 views

CVE-2021-32997

The affected Baker Hughes Bentley Nevada products 3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01...

8.2 CVSS | 0.00306 EPSS
Exploits 0 | References 1
CVE
added 2022/05/25 1:33 p.m. | 115 views

CVE-2021-32997

CVE-2021-32997 affects Baker Hughes Bently Nevada 3500 equipment. Affected products and versions include System 1 6.x (Part 3060/00, 6.98 and prior), System 1 (Part 3071/xx & 3072/xx, 21.1 HF1 and prior), 3500 Rack Configuration (Part 129133-01, 6.4 and prior), and 3500/22M Firmware (Part 288055-...

8.2 CVSS | 7.7 AI score | 0.00306 EPSS
Exploits 0 | References 1 | Affected Software 1
Github Security Blog
added 2022/05/24 10:17 p.m. | 57 views

Key confusion through non-blocklisted public key formats

Impact What kind of vulnerability is it? Who is impacted? Disclosed by Aapo Oksman Senior Security Specialist, Nixu Corporation. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requir...

7.5 CVSS | 7.3 AI score | 0.012 EPSS
Exploits 0 | References 8 | Affected Software 1
Snyk
added 2022/05/24 10:6 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview std/crypto/dsa is a Go standard library package std/crypto/dsa Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the Verify function. An attacker can cause excessive resource consumption and make affecte...

8.7 CVSS | 6.8 AI score | 0.04335 EPSS
Exploits 0 | References 3
Github Security Blog
added 2022/05/24 4:56 p.m. | 20 views

Use of Insufficiently Random Values in Apereo CAS

Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...

8.1 CVSS | 2 AI score | 0.01751 EPSS
Exploits 1 | References 8 | Affected Software 6