1555 matches found

NVD
added 2021/07/21 3:15 p.m. · 16 views

CVE-2021-22774

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could lead an...

7.5 CVSS · 0.00799 EPSS
Exploits 0 · References 1
CVE
added 2021/07/21 10:45 a.m. · 61 views

CVE-2021-22774

CVE-2021-22774 affects Schneider Electric EVlink City (EVC1S22P4/EVC1S7P4), EVlink Parking (EVW2/EVF2/EV.2), and EVlink Smart Wallbox (EVB1A) with all versions prior to R8 V3.4.0.1. The issue is CWE-759: Use of a One-Way Hash without a Salt, which could allow an attacker to recover charging-stati...

7.5 CVSS · 7.4 AI score · 0.00799 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/07/21 10:45 a.m. · 20 views

CVE-2021-22774

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could lead an...

7.7 AI score · 0.00799 EPSS
Exploits 0 · References 1
The Hacker News
added 2021/07/12 11:33 a.m. · 53 views

Crafting a Custom Dictionary for Your Password Policy

Modern password policies are comprised of many different elements that contribute to its effectiveness. One of the components of an effective current password policy makes use of what is known as a custom dictionary that filters out certain words that are not allowed as passwords in the...

7.3 AI score
Exploits 0
OSV
added 2021/07/09 7:15 p.m. · 24 views

CVE-2021-32753

EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is...

6.5 CVSS · 7.1 AI score
Exploits 0 · References 2
Cvelist
added 2021/07/09 7:5 p.m. · 32 views

CVE-2021-32753 Weak password in API gateway in EdgeX Foundry Edinburgh, Fuji, Geneva, and Hanoi releases allows remote attackers to obtain authentication token via dictionary-based password attack when OAuth2 authentication method is enabled.

EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is...

8.3 CVSS · 8.5 AI score · 0.00799 EPSS
Exploits 0 · References 2
NVD
added 2021/07/09 6:15 p.m. · 20 views

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary...

7.8 CVSS · 0.02107 EPSS
Exploits 0 · References 1
OSV
added 2021/07/09 6:15 p.m. · 4 views

CVE-2021-33792

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary...

7.8 CVSS · 5.8 AI score · 0.02107 EPSS
Exploits 0 · References 1
Prion
added 2021/07/09 6:15 p.m. · 21 views

Out-of-bounds

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary...

6.8 CVSS · 7.6 AI score · 0.02107 EPSS
Exploits 0 · References 1 · Affected Software 2
CNNVD
added 2021/07/09 12:0 a.m. · 3 views

EdgeX Foundry security vulnerability

EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. EdgeX Foundry suffers from a security vulnerability that stems from the fact that when the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client id and clie...

8.3 CVSS · 6.6 AI score · 0.00799 EPSS
Exploits 0 · References 2
ThreatPost
added 2021/06/16 3:50 p.m. · 184 views

Euros Football Fever Nets Dumb Passwords

The European soccer championship a.k.a. the Euros is stoking maximum football fever, which has slopped over into easy-to-crack passwords. Such as, say, “football.” That password is of course easy as pie to crack via a dictionary attack – a type of brute-force attack that involves trying thousands...

7.7 AI score
Exploits 0 · References 24
CNNVD
added 2021/06/02 12:0 a.m. · 6 views

FFmpeg security vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg due to a memory leak in the av dictionary set function in dict.c. An attacker could use this vulnerability to conduct a denial-of-service attack. The vulnerability can ...

6.5 CVSS · 5.7 AI score · 0.00893 EPSS
Exploits 1 · References 1
CNNVD
added 2021/06/02 12:0 a.m. · 9 views

FFmpeg security vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg due to a memory leak in the av dictionary set function in dict.c. An attacker could use this vulnerability to conduct a denial-of-service attack. The vulnerability can ...

6.5 CVSS · 5.7 AI score · 0.0131 EPSS
Exploits 1 · References 8
NVD
added 2021/05/20 8:15 p.m. · 10 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.5 CVSS · 0.00412 EPSS
Exploits 1 · References 1
Prion
added 2021/05/20 8:15 p.m. · 11 views

Design/Logic Flaw

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

5 CVSS · 7.3 AI score · 0.00412 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/05/20 7:55 p.m. · 12 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.4 AI score · 0.00412 EPSS
Exploits 1 · References 1
OPENSUSE Linux
added 2021/05/09 12:0 a.m. · 32 views

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

7.5 CVSS · 7 AI score · 0.01823 EPSS
Exploits 0 · References 1
Imperva Blog
added 2021/04/23 12:46 p.m. · 51 views

The Account Takeover Threat: A By-the-Numbers Breakdown

Identity theft has come a long way in the age of technology. The more data is available online, the greater the threat. In this blog we will dive into the different characteristics and statistics of real world Account Takeover attacks as recorded and mitigated by Imperva’s Advanced Bot Protection...

0.8 AI score
Exploits 0
Positive Technologies
added 2021/04/12 12:0 a.m. · 4 views

PT-2021-6811 · Yandex +1 · Yandex Browser +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to v20.8.18.32-lts ClickHouse versions prior to v21.1.9.41-stable ClickHouse versions prior to v21.2.9.41-stable ClickHouse versions prior to v21.3.6.55-lts ClickHouse versions prior to v21.4.3.21-stable Yandex Brows...

7.8 CVSS · 6.8 AI score · 0.00305 EPSS
Exploits 0 · References 11
ClickHouse
added 2021/04/12 12:0 a.m. · 48 views

Fixed in ClickHouse 21.4.3.21, 2021-04-12 

An attacker that has CREATE DICTIONARY privilege can read arbitrary file outside permitted directory...

4 CVSS · 4.2 AI score · 0.00305 EPSS
Exploits 0 · Affected Software 1