1555 matches found
CVE-2021-25263
An attacker who has the CREATE DICTIONARY privilege can read arbitrary files outside the permitted directory. Fix has been pushed to versions 20.8.18.32-lts, 21.1.9.41-stable, 21.2.9.41-stable, 21.3.6.55-lts, 21.4.3.21-stable and later. Vyacheslav Egoshin...
Open-Xchange: Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt
0x01 Path Traversal in dict-fs module If we use fs to store dictionaries, when program get the value of key: static int fsdictlookupstruct dict dict, poolt pool, const char key, const char valuer, const char errorr struct fsdict dict = struct fsdict dict; struct fsfile file; struct istream input;...
Prototype Pollution
style-dictionary is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...
@fluentui/token-pipeline (>=0.3.3 <=0.22.0), @inmotionnow/momentum-components (>=91.0.0 <=102.34.1) +5 more potentially affected by unknown CVE via style-dictionary (>=2.10.0 <=2.10.2)
style-dictionary NPM version =2.10.0, =0.3.3, =91.0.0, =1.0.2, =0.1.0, =0.0.2, =1.0.0, =1.6.7 - digix-ui =3.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-STYLEDICTIONARY-1080632...
Prototype Pollution
Overview: style-dictionary is a "Style once, use everywhere" build system for creating cross-platform styles. Affected versions of this package are vulnerable to Prototype Pollution. PoC: const StyleDictionary = require('style-dictionary'); const obj = {}; let opts =...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1357)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-21253
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...
Information disclosure
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...
CVE-2021-21253 Use of a One-Way Hash without a Salt in OnlineVotingSystem
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...
CVE-2021-21253
CVE-2021-21253 concerns OnlineVotingSystem, an open-source project. The vulnerability affects versions prior to 1.1.2 where user passwords are hashed without a salt, making them susceptible to dictionary attacks (e.g., rainbow tables). The root cause is the absence of a long randomly generated sa...
OnlineVotingSystem Encryption Problem Vulnerability
Dbijaya OnlineVotingSystem is a Java-based online voting system from the individual developers of Dbijaya. OnlineVotingSystem before version 1.1.2 suffers from a cryptographic vulnerability that stems from not using a salt to hash a user's password, which can be exploited by an attacker to make i...
EulerOS 2.0 SP3 : python-ipaddress (EulerOS-SA-2021-1115)
According to the version of the python-ipaddress package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow...
Three Word Passwords
Introduction: The National Cyber Security Centre (NCSC) has advocated the use of three random words for several years to create strong passwords, and that advice has been repeated recently by the National Crime Agency and multiple police forces in the UK... but just how strong are these passwords?...
OSV-2018-288 Use-of-uninitialized-value in jbig2_decode_symbol_dict
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9688 Crash type: Use-of-uninitialized-value Crash state: jbig2_decode_symbol_dict jbig2_symbol_dictionary jbig2_parse_segment...
DLL Hijacking Vulnerability in NetEase Youdao Dictionary PC Version (CNVD-2021-05433)
Youdao Dictionary is the world's first all-around free language translation software based on search engine technology, produced by NetEase Youdao, NetEase Youdao Dictionary PC terminal dll hijacking vulnerability. There is a DLL hijacking vulnerability in Netease Youdao Dictionary PC, which can ...
DLL Hijacking Vulnerability in NetEase Youdao Dictionary PC Version (CNVD-2021-05431)
Youdao Dictionary is the world's first all-around free language translation software based on search engine technology, produced by NetEase Youdao, NetEase Youdao Dictionary PC terminal dll hijacking vulnerability. There is a DLL hijacking vulnerability in Netease Youdao Dictionary PC, which can ...
DLL Hijacking Vulnerability in NetEase Youdao Dictionary PC Version (CNVD-2021-05430)
Youdao Dictionary is the world's first all-around free language translation software based on search engine technology, produced by NetEase Youdao, NetEase Youdao Dictionary PC terminal dll hijacking vulnerability. There is a DLL hijacking vulnerability in Netease Youdao Dictionary PC, which can ...
How Does Your AD Password Policy Compare to NIST's Password Recommendations?
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your user...
CVE-2020-35931
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...