Lucene search
+L

1851 matches found

Cvelist
Cvelist
added 2026/05/05 7:33 p.m.32 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS0.00091EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 7:33 p.m.8 views

EUVD-2026-27466

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References1
CVE
CVE
added 2026/05/05 7:33 p.m.17 views

CVE-2026-34527

CVE-2026-34527 affects Sandboxie-Plus for Windows (versions 1.17.2 and earlier). The vulnerability arises in SbieIniServer::HashPassword, where the high nibble of each SHA-1 digest byte is extracted incorrectly (shifted by 8 instead of 4). This causes the stored EditPassword hash to preserve only...

5.3CVSS5.7AI score0.00091EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:33 p.m.8 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:33 p.m.4 views

CVE-2026-34527

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/05 7:33 p.m.4 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.9AI score0.00091EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.17 views

PT-2026-37249

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37230

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

2CVSS5.7AI score0.00091EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus prior to 1.17.2 contained a security vulnerability. This vulnerability stemmed from the HashPassword function, which incorrectly shifted the high half-bits 8 positions to the right instead o...

5.3CVSS5.8AI score0.00091EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.8 views

Analyzing Unsolicited Internet Traffic: Measuring IoT Security Threats Via Network Telescopes

Network telescopes serve as a critical passive monitoring tool for capturing unsolicited Internet traffic, providing insights into global scanning and reconnaissance behavior. This study analyzes a 10-day dataset during January 2025 consisting of approximately 22 million packets collected by the...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/01 5:50 p.m.8 views

JLSEC-2026-384

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

2.9CVSS5.8AI score0.00398EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.8 views

Juniper Junos OS Multiple Vulnerabilities (JSA88112)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88112 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References5
OSV
OSV
added 2026/04/27 8:35 p.m.24 views

JLSEC-2026-278

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5CVSS5.3AI score0.01336EPSS
Exploits1References4
CVE
CVE
added 2026/04/27 2:21 p.m.47 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 are affected by a cryptographic weakness in file and email sharing endpoints. DES-CBC is used with keys and IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to about 19,000 values. An unauthenticated attacker ca...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 2:21 p.m.4 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS5.5AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:21 p.m.4 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS5.5AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/27 2:21 p.m.36 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 2:21 p.m.8 views

EUVD-2026-25856

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS5.5AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

SmarterTools SmarterMail 安全特征问题漏洞

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Prior versions of SmarterTools SmarterMail up to version 9610 had...

8.2CVSS5.9AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35434

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9610 Description A cryptographic weakness exists in the file and email sharing endpoints. These endpoints utilize DES-CBC encryption with keys and initialization vectors derived from System.Random...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References7
Rows per page
Query Builder