701 matches found

F5 Networks
added 2023/06/22 5:57 p.m. · 46 views

K000135178: OpenSSL vulnerability CVE-2023-2650

Security Advisory Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message...

CVSS 6.5 · AI score 7.1 · EPSS 0.77901
Exploits 0 · Affected Software 16
Positive Technologies
added 2023/06/22 12:00 a.m. · 4 views

PT-2023-21474 · Unknown · Osd Bare Metal Server

Name of the Vulnerable Software and Affected Versions: OSD Bare Metal Server affected versions not specified Description: The issue concerns the use of a cryptographic algorithm in the OSD Bare Metal Server that is no longer considered sufficiently secure. Recommendations: At the moment, there is...

CVSS 7.8 · AI score 7.5 · EPSS 0.00102
Exploits 0 · References 3
NVD
added 2023/06/13 9:15 a.m. · 15 views

CVE-2022-43949

A use of a broken or risky cryptographic algorithm CWE-327 in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 7.5 · AI score 6.6 · EPSS 0.00359
Exploits 0 · References 1
Prion
added 2023/06/13 9:15 a.m. · 19 views

Design/Logic Flaw

A use of a broken or risky cryptographic algorithm CWE-327 in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 5 · AI score 7.5 · EPSS 0.00359
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/06/13 8:41 a.m. · 16 views

CVE-2022-43949

A use of a broken or risky cryptographic algorithm CWE-327 in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 6.2 · AI score 7 · EPSS 0.00359
Exploits 0 · References 1
Cvelist
added 2023/06/13 8:41 a.m. · 21 views

CVE-2022-43949

A use of a broken or risky cryptographic algorithm CWE-327 in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 6.2 · AI score 7.7 · EPSS 0.00359
Exploits 0 · References 1
CVE
added 2023/06/13 8:41 a.m. · 49 views

CVE-2022-43949

CVE-2022-43949 affects Fortinet FortiSIEM prior to 6.7.1, where the use of a broken or risky cryptographic algorithm (CWE-327) enables a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by exploiting outdated hashing methods. The issue is documented across multiple ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00359
Exploits 0 · References 1 · Affected Software 1
Fortinet
added 2023/06/12 12:00 a.m. · 23 views

FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm

A use of a broken or risky cryptographic algorithm CWE-327 in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 5 · AI score 7 · EPSS 0.00359
Exploits 0 · Affected Software 1
Tenable Nessus
added 2023/05/31 12:00 a.m. · 31 views

FreeBSD : OpenSSL -- Possible DoS translating ASN.1 identifiers (eb9a3c57-ff9e-11ed-a0d1-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb9a3c57-ff9e-11ed-a0d1-84a93843eb75 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may...

CVSS 6.5 · AI score 6.9 · EPSS 0.77901
Exploits 0 · References 3
OSV
added 2023/05/30 2:15 p.m. · 37 views

CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

CVSS 6.5 · AI score 6.7
Exploits 0 · References 12
Prion
added 2023/05/16 4:15 p.m. · 18 views

Information disclosure

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure...

CVSS 5 · AI score 7.3 · EPSS 0.00424
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/05/16 3:26 p.m. · 44 views

CVE-2023-28076

Dell CloudLink (encryption and key management) prior to version 7.1.2 uses a broken or risky cryptographic algorithm. An unauthenticated remote attacker could exploit this to disclose information. A fix is available: update to 7.1.2 or later (per PT-2023-21537 and CNVD/Dell advisories). As a temp...

CVSS 7.5 · AI score 7.4 · EPSS 0.00424
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/16 3:26 p.m. · 7 views

CVE-2023-28076

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure...

CVSS 5.9 · AI score 6.8 · EPSS 0.00424
Exploits 0 · References 1
Positive Technologies
added 2023/05/16 12:00 a.m. · 3 views

PT-2023-21537 · Cloudlink · Cloudlink

Name of the Vulnerable Software and Affected Versions: CloudLink versions prior to 7.1.2 Description: The issue is related to a broken or risky cryptographic algorithm, which could be exploited by an unauthenticated remote attacker, potentially leading to information disclosure. Recommendations:...

CVSS 7.5 · AI score 7.4 · EPSS 0.00424
Exploits 0 · References 3
BDU FSTEC
added 2023/05/10 12:00 a.m. · 2 views

The vulnerability of Backup Exec’s software for backup and data restoration lies in its lack of authentication procedures. This allows attackers to elevate their privileges and execute arbitrary commands.

The vulnerability of Backup Exec’s backup and recovery software is related to deficiencies in authentication procedures when using the SHA cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary commands...

CVSS 9 · AI score 8.4 · EPSS 0.23579
Exploits 4 · References 4 · Affected Software 1
Veracode
added 2023/05/04 5:13 a.m. · 13 views

Improper Cryptographic Algorithm

jose4j is vulnerable to Improper Cryptographic Algorithm. The vulnerability exists due to the way RSA1_5 and RSA_OAEP are implemented, allowing an attacker to decrypt RSA1_5 or RSA_OAEP encrypted ciphertexts, and in addition, it may be feasible to sign with affected keys...

AI score 6.7
Exploits 0
OSV
added 2023/05/03 10:15 p.m. · 2 views

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

CVSS 7.4 · AI score 5.8
Exploits 0 · References 1
Prion
added 2023/05/03 10:15 p.m. · 11 views

Design/Logic Flaw

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

CVSS 4 · AI score 7.2 · EPSS 0.00204
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/05/03 9:26 p.m. · 14 views

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

CVSS 4.2 · AI score 7.4 · EPSS 0.00204
Exploits 0 · References 1
Vulnrichment
added 2023/05/03 9:26 p.m. · 12 views

CVE-2022-45858

A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...

CVSS 4.2 · AI score 6.4 · EPSS 0.00204
Exploits 0 · References 1