Lucene search

5318 matches found

Code423n4
added 2021/11/15 12:0 a.m., 15 views

Unclear TwapOracle.consult algorithm

Handle: cmichel. Vulnerability details: The TWAPOracle.consult function is unclear to the auditor. It seems to iterate through all registered pairs that share the token parameter USDV or VADER and then sums up the foreign token pair per token price. And divides this sum sumNative by the summed-up US...

6.8 AI score
Exploits: 0

Metasploit
added 2021/11/12 5:42 p.m., 88 views

BillQuick Web Suite txtID SQLi

This module exploits a SQL injection vulnerability in BillQuick Web Suite prior to version 22.0.9.1. The application is .NET-based, and the database is required to be MSSQL. Luckily the website gives error-based SQLi messages, so it is trivial to pull data from the database. However the webapp us...

9.8 CVSS, 9.8 AI score, 0.73269 EPSS
Exploits: 3

Github Security Blog
added 2021/11/10 4:28 p.m., 20 views

Improper hashing in enrocrypt

Impact: The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner and doesn't know about hashes can face problems as MD5 is considered an Insecure Hashing Algorithm. Patches: The vulnerability is patched in v1.1.4 of the product, the users can upgrade to...

7.5 CVSS, 7.2 AI score, 0.00544 EPSS
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2021/11/10 4:28 p.m., 14 views

GHSA-35M5-8CVJ-8783 Improper hashing in enrocrypt

Impact: The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner and doesn't know about hashes can face problems as MD5 is considered an Insecure Hashing Algorithm. Patches: The vulnerability is patched in v1.1.4 of the product, the users can upgrade to...

8.7 CVSS, 7.4 AI score, 0.00544 EPSS
Exploits: 1, References: 5

BDU FSTEC
added 2021/11/10 12:0 a.m., 4 views

The vulnerability of the bidirectional algorithm in the implementation of Unicode standards, related to errors in code generation, allows a violator to execute arbitrary code.

The vulnerability of the bidirectional algorithm in the implementation of Unicode is related to errors in code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS, 7.4 AI score, 0.12205 EPSS
Exploits: 4, References: 14, Affected Software: 3

RedHat Linux
added 2021/11/09 5:59 p.m., 3 views

openssh: Observable discrepancy leading to an information leak in the algorithm negotiation

A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has be...

5.9 CVSS, 7.1 AI score, 0.02057 EPSS
Exploits: 2, References: 4

RedHat Linux
added 2021/11/09 5:59 p.m., 62 views

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.9 CVSS, 6.8 AI score, 0.02057 EPSS
Exploits: 2, References: 11

ThreatPost
added 2021/11/09 3:52 p.m., 18 views

Security Tool Guts: How Much Should Customers See?

Many cybersecurity tools use engines that calculate risk for events in customer environments. The accuracy of these risk engines is a major concern for customers, since it determines whether an attack is detected or not. Therefore, organizations often request visibility into how a risk engine...

7.3 AI score
Exploits: 0, References: 4

AlmaLinux
added 2021/11/09 9:18 a.m., 24 views

Low: libsolv security and bug fix update

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fixes: libsolv: heap-based buffer overflow in testcaseread in src/testcase.c (CVE-2021-3200). For more details about the security issues, including the impact, a CVSS score,...

4.3 CVSS, 5.8 AI score, 0.01313 EPSS
Exploits: 1, References: 1

AlmaLinux
added 2021/11/09 9:11 a.m., 47 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Observable discrepancy leading to an information leak in the algorithm negotiation...

5.9 CVSS, 6.3 AI score, 0.02057 EPSS
Exploits: 2, References: 1

Prion
added 2021/11/08 3:15 p.m., 12 views

Code injection

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

5 CVSS, 7.5 AI score, 0.00544 EPSS
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2021/11/08 3:15 p.m., 42 views

PYSEC-2021-385

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

7.5 CVSS, 3.1 AI score, 0.00544 EPSS
Exploits: 1, References: 2

Cvelist
added 2021/11/08 2:15 p.m., 38 views

CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

7.5 CVSS, 7.7 AI score, 0.00544 EPSS
Exploits: 1, References: 2

CVE
added 2021/11/08 2:15 p.m., 71 views

CVE-2021-39182

CVE-2021-39182 affects EnroCrypt, a Python module for encryption and hashing. Before v1.1.4, it used MD5 in hashing.py, an insecure hash algorithm. The root cause is the use of MD5 in the hashing file, and the vulnerability is patched in v1.1.4. A workaround described is removing the MD5 hashing ...

7.5 CVSS, 7.4 AI score, 0.00544 EPSS
Exploits: 1, References: 2, Affected Software: 1

RedHat Linux
added 2021/11/04 4:59 p.m., 1 views

thunderbird: Memory corruption when processing S/MIME messages

A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

9.8 CVSS, 7.2 AI score, 0.17563 EPSS
Exploits: 0, References: 7

RedHat Linux
added 2021/11/04 4:47 p.m., 4 views

thunderbird: Memory corruption when processing S/MIME messages

A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

9.8 CVSS, 7.2 AI score, 0.17563 EPSS
Exploits: 0, References: 7

NVD
added 2021/11/04 4:15 p.m., 22 views

CVE-2021-34741

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of...

7.5 CVSS, 0.01248 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2021/11/04 3:40 p.m., 10 views

CVE-2021-34741 Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of...

7.5 CVSS, 7.1 AI score, 0.01248 EPSS
Exploits: 0, References: 1

The Hacker News
added 2021/11/03 7:3 a.m., 12 views

Facebook to Shut Down Facial Recognition System and Delete Billions of Records

Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its...

7.2 AI score
Exploits: 0

VulnCheck KEV
added 2021/11/03 12:0 a.m., 4 views

VulnCheck KEV: CVE-2018-15811

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters...

7.5 CVSS, 7.1 AI score, 0.74048 EPSS
Exploits: 4, References: 1