5317 matches found

OSV
added 2021/09/01 6:35 p.m., 24 views

GHSA-WWVV-X5MQ-H3JJ Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

CVSS 5.3, AI score 5.2, EPSS 0.017
Exploits: 1, References: 4
RedhatCVE
added 2021/09/01 11:19 a.m., 44 views

CVE-2021-33582

A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...

CVSS 7.5, AI score 1.9, EPSS 0.0307
Exploits: 0, References: 3
CNVD
added 2021/08/31 12:0 a.m., 119 views

Doodle Smart app and Doodle Converter (smart socket) have a flawed logic vulnerability

Doodle Smart is an IoT cloud platform that connects brands, OEMs, developers and chain retailers with their intelligence needs, providing a one-stop AI IoT PaaS-level solution that covers hardware development, global cloud, and smart business platform development, providing comprehensive ecologic...

AI score 2.5
Exploits: 0
CNVD
added 2021/08/31 12:0 a.m., 11 views

IBM Sterling Secure Proxy Weak Encryption Algorithm Vulnerability (CNVD-2021-68436)

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a weak encryption algorithm vulnerability. An attacker could...

CVSS 7.5, AI score 2.4, EPSS 0.00919
Exploits: 0, References: 1
NVD
added 2021/08/30 6:15 p.m., 14 views

CVE-2021-33003

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm...

CVSS 5.5, EPSS 0.00172
Exploits: 0, References: 1
Cvelist
added 2021/08/30 5:10 p.m., 24 views

CVE-2021-33003

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm...

AI score 5.7, EPSS 0.00172
Exploits: 0, References: 1
Cvelist
added 2021/08/30 3:55 p.m., 15 views

CVE-2021-27913 Use of a Broken or Risky Cryptographic Algorithm

The function mtrand is used to generate session tokens. This function is cryptographically flawed due to its nature being one of pseudorandomness; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5, AI score 4.3, EPSS 0.00458
Exploits: 1, References: 1
Hacker One
added 2021/08/28 3:0 p.m., 27 views

On : No Rate Limit in Login Page

The login page of the website did not have a rate limit implemented, allowing an attacker to perform brute force attacks by trying multiple login attempts without being restricted...

AI score 7
Exploits: 0
CNVD
added 2021/08/27 12:0 a.m., 14 views

DIAEnergie Weak Hash Algorithm Vulnerability

DIAEnergie is an industrial energy management system from Delta Electronics. A weak hash algorithm vulnerability exists in DIAEnergie 1.7.5 and earlier versions. An attacker can exploit this vulnerability to retrieve plaintext passwords...

CVSS 5.5, AI score 5.3, EPSS 0.00172
Exploits: 0, References: 1
Hacker One
added 2021/08/26 12:1 p.m., 25 views

UPchieve: No rate Limit on Password Reset page on upchieve

Summary: Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status...

AI score 7.1
Exploits: 0
CNNVD
added 2021/08/26 12:0 a.m., 5 views

Delta Electronics DIAEnergie Encryption Issue Vulnerability

DIAEnergie is an industrial energy management system from Delta Electronics. A weak hash algorithm vulnerability exists in DIAEnergie 1.7.5 and earlier versions. An attacker can exploit this vulnerability to retrieve plaintext passwords...

CVSS 5.5, AI score 5.6, EPSS 0.00172
Exploits: 0, References: 4
Github Security Blog
added 2021/08/25 8:44 p.m., 25 views

Algorithms compute incorrect results in blake2

An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes...

CVSS 9.8, AI score 1.7, EPSS 0.00933
Exploits: 0, References: 4, Affected Software: 1
CNVD
added 2021/08/25 12:0 a.m., 19 views

IBM Security SOAR Information Disclosure Vulnerability

IBM Security SOAR, formerly Resilient, is an IBM product designed to help your security team confidently address cyber threats, automate through intelligence and collaborate through consistency. IBM Security SOAR is vulnerable to an information disclosure vulnerability that stems from the...

CVSS 7.5, AI score 1.4, EPSS 0.00687
Exploits: 0, References: 1
NVD
added 2021/08/23 2:15 a.m., 17 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

CVSS 7.5, EPSS 0.01133
Exploits: 1, References: 7
OSV
added 2021/08/23 2:15 a.m., 34 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

CVSS 7.5, AI score 6.5
Exploits: 0, References: 7
UbuntuCve
added 2021/08/23 2:15 a.m., 46 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

CVSS 7.5, AI score 7.1, EPSS 0.01133
Exploits: 1, References: 5
OSV
added 2021/08/23 2:15 a.m., 3 views

UBUNTU-CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

CVSS 7.5, AI score 7.1, EPSS 0.01133
Exploits: 1, References: 6
Cvelist
added 2021/08/23 12:0 a.m., 26 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

AI score 7.4, EPSS 0.01133
Exploits: 1, References: 7
CNNVD
added 2021/08/23 12:0 a.m., 14 views

ARM mbed TLS Trust Management Issue Vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS has a security vulnerability that stems from the fact that the null algorithm parameter term is the same as the real array of size 0 and therefore the certificate is considered...

CVSS 7.5, AI score 7.3, EPSS 0.01133
Exploits: 1, References: 12
BDU FSTEC
added 2021/08/19 12:0 a.m., 7 views

The vulnerability of the SSH server on the ROSA KOBALT operating system lies in the use of weak encryption algorithms such as RC4 and Blowfish. This allows attackers to circumvent cryptographic security measures.

The vulnerability of the SSH server on the ROSA KOBALT operating system is related to the use of weak encryption algorithms such as RC4 and Blowfish. Exploiting this vulnerability allows a remote attacker to circumvent the cryptographic security measures...

CVSS 6.5, AI score 5.6
Exploits: 0, References: 1