5314 matches found

OSV
added 2021/04/02 5:15 a.m. | 6 views

AZL-6974 CVE-2021-30004 affecting package wpa_supplicant for versions less than 2.9-4

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c...

CVSS 5.3 | AI score 5.8 | EPSS 0.01669
Exploits 0 | References 1
OSV
added 2021/04/02 5:15 a.m. | 2 views

ALPINE-CVE-2021-30004

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c...

CVSS 5.3 | AI score 7 | EPSS 0.01669
Exploits 0 | References 1
CNNVD
added 2021/04/02 12:0 a.m. | 6 views

wpa_supplicant and hostapd input validation error vulnerability

hostapd is a user space daemon for access points and authentication servers. wpa_supplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. An input validation error vulnerability exists in wpa_supplicant and hostapd 2.9, which stems from improper...

CVSS 5.3 | AI score 6.5 | EPSS 0.01669
Exploits 0 | References 7
RedhatCVE
added 2021/03/31 10:46 a.m. | 16 views

CVE-2021-25315

A flaw was found in Salt. This issue is caused by an incorrect implementation of the authentication algorithm, where openSUSE Tumbleweed allows local attackers to execute arbitrary code via Salt without the need to specify valid credentials in Salt versions before 3002.2-3. The highest threat fro...

CVSS 9.8 | AI score 5.5 | EPSS 0.02333
Exploits 0 | References 4
Fedora
added 2021/03/26 5:55 p.m. | 40 views

[SECURITY] Fedora 33 Update: CGAL-5.1.3-1.fc33

Libraries for CGAL applications. CGAL is a collaborative effort of several sites in Europe and Israel. The goal is to make the most important of the solutions and methods developed in computational geometry available to users in industry and academia in a C++ library. The goal is to provide easy...

CVSS 10 | AI score 4.9 | EPSS 0.03265
Exploits 1
Tenable Nessus
added 2021/03/24 12:0 a.m. | 36 views

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2021-1694)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows...

CVSS 5.9 | AI score 6.9 | EPSS 0.02057
Exploits 2 | References 2
OpenVAS
added 2021/03/24 12:0 a.m. | 24 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1694)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 | AI score 6.2 | EPSS 0.02057
Exploits 2 | References 2
NVD
added 2021/03/22 6:15 p.m. | 15 views

CVE-2021-22309

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include: USG9500 versions...

CVSS 7.5 | EPSS 0.00767
Exploits 0 | References 1
Prion
added 2021/03/22 6:15 p.m. | 24 views

Design/Logic Flaw

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include: USG9500 versions...

CVSS 5 | AI score 7.2 | EPSS 0.00767
Exploits 0 | References 1 | Affected Software 4
Cvelist
added 2021/03/22 5:42 p.m. | 25 views

CVE-2021-22309

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include: USG9500 versions...

AI score 7.5 | EPSS 0.00767
Exploits 0 | References 1
CVE
added 2021/03/22 5:42 p.m. | 89 views

CVE-2021-22309

CVE-2021-22309 affects Huawei USG firewall products (USG9500, USG9520, USG9560, USG9580) with specific V500R001C30SPC200/ V500R001C60SPC500/ V500R005C00SPC200 for USG9500; USG9520 V500R005C00; USG9560 V500R005C00; USG9580 V500R005C00. Root cause is an insecure algorithm caused by using less rando...

CVSS 7.5 | AI score 7.2 | EPSS 0.00767
Exploits 0 | References 1 | Affected Software 1
Exploit DB
added 2021/03/22 12:0 a.m. | 223 views

KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd...

AI score 7.4
Exploits 0
Prion
added 2021/03/21 9:15 p.m. | 14 views

Hardcoded credentials

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...

CVSS 7.5 | AI score 9.5 | EPSS 0.01812
Exploits 0 | References 3 | Affected Software 1
Packet Storm
added 2021/03/19 12:0 a.m. | 210 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

AI score 0.1
Exploits 0
OSV
added 2021/03/18 6:15 p.m. | 1 views

CVE-2020-14516

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly...

CVSS 10 | AI score 7.3 | EPSS 0.04095
Exploits 0 | References 1
Kitploit
added 2021/03/17 8:30 p.m. | 71 views

Turbo-Intruder - A Burp Suite Extension For Sending Large Numbers Of HTTP Requests And Analyzing The Results

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended to complement Burp Intruder by handling attacks that require exceptional speed, duration, or complexity. The following features set it apart: Fast - Turbo Intruder uses a...

AI score 7.4
Exploits 0 | References 1
The Hacker News
added 2021/03/17 11:20 a.m. | 51 views

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed a...

AI score 2.2
Exploits 0
ThreatPost
added 2021/03/16 2:1 p.m. | 298 views

Google Releases Spectre PoC Exploit For Chrome

Google has released proof-of-concept PoC exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites. Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack,...

CVSS 4.7 | AI score 6.8 | EPSS 0.93838
Exploits 12 | References 9
Positive Technologies
added 2021/03/16 12:0 a.m. | 4 views

PT-2021-3125

Name of the Vulnerable Software and Affected Versions: Nettle versions prior to 3.7.2. Description: A flaw was found in the Nettle signature verification functions, including GOST DSA, EDDSA, and ECDSA, where the Elliptic Curve Cryptography point multiply function is called with out-of-range scalers...

CVSS 8.1 | AI score 6.8 | EPSS 0.01607
Exploits 0 | References 57
OSV
added 2021/03/15 10:44 p.m. | 11 views

USN-4858-1 gradle vulnerabilities

It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. CVE-2019-11065 It was discovered that...

CVSS 5.9 | AI score 6.6 | EPSS 0.01366
Exploits 1 | References 3