
5314 matches found

Tenable Nessus
added 2020/04/22 12:0 a.m. | 56 views

FreeBSD : OpenSSL remote denial of service vulnerability (012809ce-83f3-11ea-92ab-00163e433440)

Server or client applications that call the SSL_check_chain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognized signature algorithm i...

7.5 CVSS | 6.8 AI score | 0.53336 EPSS
Exploits 2 | References 3
RedHat Linux
added 2020/04/21 4:34 p.m. | 156 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

8.3 CVSS | 6.7 AI score | 0.0623 EPSS
Exploits 0 | References 14
IBM Security Bulletins
added 2020/04/20 2:38 p.m. | 36 views

Security Bulletin: A Security vulnerability in Apache Tomcat used by Rational Build Forge (CVE-2017-15706)

Summary: There is a potential security vulnerability in the Apache Tomcat used by Rational Build Forge. Vulnerability Details: CVEID: CVE-2017-15706. DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the...

5.3 CVSS | 5.7 AI score | 0.06198 EPSS
Exploits 0 | Affected Software 1
Kitploit
added 2020/04/18 1:0 p.m. | 57 views

RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256

JWT Attack to change the algorithm RS256 to HS256. Usage: `usage: RS2562HS256JWT.py -h payload pubkey`. Positional arguments: payload (JSON payload from JWT to attack), pubkey (Public key file to use for signing). Optional arguments: -h, --help (show this help message and exit). Example: Download RS256-2-HS256...

7.3 AI score
Exploits 0 | References 1
Microsoft KB
added 2020/04/13 12:0 a.m. | 61 views

Microsoft Security Advisory: Update for deprecation of MD5 hashing algorithm for Microsoft root certificate program: August 13, 2013

Microsoft Security Advisory: Update for deprecation of MD5 hashing algorithm for Microsoft root certificate program: August 13, 2013 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related...

6.5 AI score
Exploits 0
Microsoft KB
added 2020/04/13 12:0 a.m. | 101 views

Microsoft security advisory: Deprecation of SHA-1 hashing algorithm for Microsoft root certificate program: January 12, 2016

Microsoft security advisory: Deprecation of SHA-1 hashing algorithm for Microsoft root certificate program: January 12, 2016 Summary Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. ...

6.8 AI score
Exploits 0
Veracode
added 2020/04/10 12:59 a.m. | 29 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. A flaw was found in the XML Digital Signature component in OpenJDK. Untrusted code could use this flaw to replace the Java Runtime Environment (JRE) XML Digital Signature Transform or C14N algorithm implementations to intercept digital signature operation...

2.6 CVSS | 2.3 AI score | 0.03006 EPSS
Exploits 0 | References 19 | Affected Software 1
Tenable Nessus
added 2020/04/10 12:0 a.m. | 63 views

CentOS 7 : bind (RHSA-2020:1061)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory. - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in...

7.5 CVSS | 6.4 AI score | 0.04022 EPSS
Exploits 0 | References 4
RedhatCVE
added 2020/04/06 5:2 a.m. | 31 views

CVE-2020-7212

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...

7.8 CVSS | 2.2 AI score | 0.03288 EPSS
Exploits 0 | References 5
Hacker One
added 2020/04/04 12:43 a.m. | 46 views

Staging.every.org: No Rate Limit On Reset Password

Summary: A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. wikipedia I...

7 AI score
Exploits 0
NVD
added 2020/04/03 6:15 p.m. | 12 views

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

7.8 CVSS | 8.2 AI score | 0.00241 EPSS
Exploits 0 | References 1
Prion
added 2020/04/03 6:15 p.m. | 16 views

Design/Logic Flaw

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

4.6 CVSS | 8.2 AI score | 0.00241 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2020/04/03 5:44 p.m. | 106 views

CVE-2020-10601

CVE-2020-10601 affects VISAM VBASE Editor (11.5.0.2) and VBASE Web-Remote Module. The root cause is a weak hashing algorithm and insecure permissions, enabling a local attacker to bypass the password‑protected mechanism via brute-force or by overwriting the password hash. Impact is local, allowin...

7.8 CVSS | 7.5 AI score | 0.00241 EPSS
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2020/04/03 5:44 p.m. | 11 views

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

7.7 AI score | 0.00241 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2020/04/01 12:0 a.m. | 73 views

RHEL 7 : bind (RHSA-2020:1061)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named C...

7.5 CVSS | 6.4 AI score | 0.04022 EPSS
Exploits 0 | References 12
RedHat Linux
added 2020/03/31 9:5 p.m. | 4 views

bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed b...

4.9 CVSS | 7.1 AI score | 0.02264 EPSS
Exploits 0 | References 5
RedhatCVE
added 2020/03/30 2:14 p.m. | 30 views

CVE-2019-14855

A flaw was found in OpenPGP Key Certification Forgeries in the way certificate signatures could be forged by using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures...

7.5 CVSS | 1.8 AI score | 0.0105 EPSS
Exploits 1 | References 4
FreeBSD
added 2020/03/30 12:0 a.m. | 34 views

glpi -- weak csrf tokens

MITRE Corporation reports: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

9.3 CVSS | 3.7 AI score | 0.00782 EPSS
Exploits 0 | References 3
Schneier on Security
added 2020/03/25 11:33 a.m. | 36 views

Facial Recognition for People Wearing Masks

The Chinese facial recognition company Hanwang claims it can recognize people wearing masks: The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a...

1.7 AI score
Exploits 0
NVD
added 2020/03/24 9:15 p.m. | 15 views

CVE-2020-7001

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

7.5 CVSS | 7.5 AI score | 0.00812 EPSS
Exploits 0 | References 1