CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

SUSE CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

CVE-2022-3959 drogon Session Hash small space of random values

A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version...

PT-2022-15360 · Ibm · Ibm Mq Appliance

Name of the Vulnerable Software and Affected Versions: IBM MQ Appliance versions 9.2 CD and 9.2 LTS Description: The issue concerns local messaging users whose passwords are stored with a hash that provides insufficient protection. This could potentially allow unauthorized access to the system...