1122 matches found

Prion
added 2022/04/22 5:15 p.m. · 16 views

Design/Logic Flaw

Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username...

4.3 CVSS · 5.9 AI score · 0.00632 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/04/22 4:17 p.m. · 77 views

CVE-2022-29589

CVE-2022-29589 affects Crypt Server prior to version 3.3.0. The issue is an XSS in the index view related to serial, computername, and username fields. The underlying cause is not detailed in the provided documents beyond this linkage. Public references indicate the fix was released in version 3....

6.1 CVSS · 5.9 AI score · 0.00632 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/04/22 4:17 p.m. · 22 views

CVE-2022-29589

Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username...

6.1 AI score · 0.00632 EPSS
Exploits: 0 · References: 2

CNNVD
added 2022/04/22 12:0 a.m. · 4 views

Crypt-Server Cross-Site Scripting Vulnerability

Crypt-Server is a Django web application by Graham Gilbert, an individual developer in the United States. It is used to host file library keys sent by the Crypt client application. A security vulnerability exists in Crypt-Server versions prior to 3.3.0, which stems from allowing the use of XSS in...

6.1 CVSS · 6.2 AI score · 0.00632 EPSS
Exploits: 0 · References: 4

CNNVD
added 2022/02/19 12:0 a.m. · 2 views

Sha256 Crypt and Sha512 Crypt Security Vulnerability

Sha256 Crypt and Sha512 Crypt are both cryptographic hash functions by the individual developer Ulrich Drepper. A security vulnerability exists in Sha256 Crypt and Sha512 Crypt that allows an attacker to cause a denial of service (CPU consumption) by exploiting the vulnerability because the...

7.5 CVSS · 8 AI score · 0.022 EPSS
Exploits: 1 · References: 4

OSV
added 2022/02/17 5:15 a.m. · 4 views

DEBIAN-CVE-2022-24953

The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...

5.3 CVSS · 5.6 AI score · 0.00837 EPSS
Exploits: 0 · References: 1

OSV
added 2022/02/17 5:15 a.m. · 3 views

UBUNTU-CVE-2022-24953

The CryptGPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions...

5.3 CVSS · 5.8 AI score · 0.00837 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2022/02/17 12:0 a.m. · 3 views

PT-2022-17010 · Php · Crypt Gpg

Name of the Vulnerable Software and Affected Versions: Crypt GPG extension for PHP versions prior to 1.6.7 Description: The issue concerns the Crypt GPG extension for PHP, where it fails to prevent additional options in GPG calls. This poses a risk for certain environments and GPG versions...

5.3 CVSS · 5.1 AI score · 0.00837 EPSS
Exploits: 0 · References: 10

OpenVAS
added 2022/01/28 12:0 a.m. · 19 views

Fedora: Security Advisory for cryptsetup (FEDORA-2022-61b55b6ebc)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.3 CVSS · 5.2 AI score · 0.0028 EPSS
Exploits: 0 · References: 2

OpenVAS
added 2022/01/28 12:0 a.m. · 14 views

Mageia: Security Advisory (MGASA-2013-0289)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS · 6.7 AI score · 0.02251 EPSS
Exploits: 0 · References: 4

Fedora
added 2022/01/26 11:40 p.m. · 47 views

[SECURITY] Fedora 34 Update: cryptsetup-2.3.7-1.fc34

The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module...

4.3 CVSS · 2.6 AI score · 0.0028 EPSS
Exploits: 0

Fedora
added 2022/01/16 1:23 a.m. · 37 views

[SECURITY] Fedora 35 Update: cryptsetup-2.4.3-1.fc35

The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module...

4.3 CVSS · 2.6 AI score · 0.0028 EPSS
Exploits: 0

Cent OS
added 2021/11/17 2:40 p.m. · 70 views

389 security update

CentOS Errata and Security Advisory CESA-2021:3807 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.5 CVSS · 6.7 AI score · 0.01349 EPSS
Exploits: 0 · References: 7

Tenable Nessus
added 2021/11/17 12:0 a.m. · 34 views

CentOS 7 : 389-ds-base (RHSA-2021:3807)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3807 advisory. - A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any passwo...

6.5 CVSS · 6.7 AI score · 0.01349 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2021/10/20 12:0 a.m. · 31 views

RHEL 8 : 389-ds:1.4 (RHSA-2021:3906)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3906 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

6.5 CVSS · 6.9 AI score · 0.01349 EPSS
Exploits: 0 · References: 8

RedHat Linux
added 2021/10/19 7:0 a.m. · 3 views

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

6.5 CVSS · 5.8 AI score · 0.01349 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2021/10/14 12:0 a.m. · 27 views

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2021:3807)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3807-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Note that Nessus has not tested for this issue but has...

6.5 CVSS · 6.8 AI score · 0.01349 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2021/10/13 12:0 a.m. · 37 views

RHEL 7 : 389-ds-base (RHSA-2021:3807)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3807 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

6.5 CVSS · 6.9 AI score · 0.01349 EPSS
Exploits: 0 · References: 8

RedHat Linux
added 2021/10/12 3:56 p.m. · 2 views

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

6.5 CVSS · 5.8 AI score · 0.01349 EPSS
Exploits: 0 · References: 5

Mageia
added 2021/09/23 4:49 a.m. · 31 views

Updated 389-ds-base packages fix security vulnerability

Fixed crypt handling of locked accounts. CVE-2021-3652...

6.5 CVSS · 1.7 AI score · 0.01349 EPSS
Exploits: 0 · References: 4