273 matches found
RHEL 7 : qci (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - QCI: uses MD5 as password hash algorithm on deployed systems (CVE-2016-6340) Note that Nessus has not tested for this...
CVE-2024-29951
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...
CVE-2024-29886
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-29886 Improved security for stored password hashes
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-25102 Information Disclosure Vulnerability in CDAC AppSamvid Software
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...
PT-2024-20750 · Appsamvid · Appsamvid
Name of the Vulnerable Software and Affected Versions: AppSamvid (affected versions not specified). Description: The issue is related to the use of a weaker cryptographic algorithm, specifically SHA1, in the user login component. An attacker with local administrative privileges could exploit this to...
AppSamvid Security Vulnerability
AppSamvid is free, open-source application whitelisting software from CERT-In. A security vulnerability exists in AppSamvid 2.0.1 and earlier versions, which stems from the use of the weak hash algorithm SHA1 in the user login component, which allows an attacker with local administrativ...
HCL Domino Security Vulnerability
HCL Technologies HCL Domino is an application software from HCL Technologies, Inc. It provides a platform for application development. A security vulnerability exists in HCL Domino that stems from the use of a weak hash encryption algorithm, which could allow an attacker to determine a user's...
CVE-2023-37495
CVE-2023-37495 involves HCL Domino. The vulnerability arises from using a cryptographically weak hash algorithm to secure internet passwords stored in Person documents in the Domino Directory when created via the Add Person action on the People & Groups tab. The issue could allow an attacker with...
PT-2024-12626 · Domino · Domino
Name of the Vulnerable Software and Affected Versions: Domino (affected versions not specified). Description: The issue is related to the use of a cryptographically weak hash algorithm to secure internet passwords stored in Person documents in the Domino Directory. This weakness could allow attacker...
crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...
Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0401)
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
Bcoin Security Breach
Bcoin is an alternative implementation of the Bitcoin protocol open-sourced by Bcoin. A security vulnerability exists in Bcoin version 2.2.0, which stems from a vulnerability that allows remote attackers to obtain sensitive information via a weak hash algorithm in the component...
Security Bulletin: Vulnerability in Brix crypto-js affects IBM Process Mining CVE-2023-46233
Summary: There is a vulnerability in Brix crypto-js that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-46233 DESCRIPTION...
Security Bulletin: crypto-js affects IBM Spectrum Control [CVE-2023-46233]
Summary: crypto-js could allow a remote attacker to obtain sensitive information. This vulnerability affects IBM Spectrum Control. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-46233 DESCRIPTION: Brix crypto-js could allow a remo...
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard (OWASP PBKDF2 Cheatsheet). This is because it both (1) defaults to SHA1 (SHA1 wiki), a cryptographic hash algorithm considered insecure since at leas...
CVE-2023-46133 crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...
Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in comm...