40 matches found

EUVD
added 2026/06/09 1:2 p.m. · 8 views

EUVD-2026-35421

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

CVSS 4.9 · AI score 5.7 · EPSS 0.00335
Exploits 0 · References 3

Cvelist
added 2026/04/03 8:6 p.m. · 19 views

CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

CVSS 8.1 · EPSS 0.00376
Exploits 0 · References 2

RedhatCVE
added 2026/01/14 8:22 p.m. · 3 views

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

CVSS 8.7 · AI score 6.9 · EPSS 0.00116
Exploits 0 · References 1

Positive Technologies
added 2025/09/17 12:0 a.m. · 4 views

PT-2025-38219

Name of the Vulnerable Software and Affected Versions: ABB FLXEON versions through 9.3.5 and newer versions Description: The software uses a one-way hash with a predictable salt. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabili...

CVSS 8.8 · AI score 6.3 · EPSS 0.00201
Exploits 0 · References 7

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-27552

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program...

CVSS 4 · AI score 5.8 · EPSS 0.00103
Exploits 0 · References 3

Tenable Nessus
added 2025/08/12 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-45440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that doe...

CVSS 5.3 · AI score 5.5 · EPSS 0.09269
Exploits 4 · References 2

RedhatCVE
added 2025/05/23 8:7 a.m. · 6 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that does not exist...

CVSS 5.3 · AI score 5.2 · EPSS 0.09269
Exploits 4 · References 1

BDU FSTEC
added 2024/10/03 12:0 a.m. · 5 views

The vulnerability of the /core/authorize.php file in the Drupal CMS system allows a hacker to disclose protected information.

The vulnerability of the /core/authorize.php file in the Drupal CMS system relates to the exposure of system data by unauthorized individuals in the controlled area. Exploiting this vulnerability could allow attackers to disclose protected information through the hash_salt parameter in the...

CVSS 5.3 · AI score 5.4 · EPSS 0.09269
Exploits 4 · References 12 · Affected Software 1

OSV
added 2024/08/29 11:15 a.m. · 2 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that does not exist...

CVSS 5.3 · AI score 5.8 · EPSS 0.09269
Exploits 4 · References 3

OSV
added 2024/08/29 11:15 a.m. · 0 views

UBUNTU-CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that does not exist...

CVSS 5.3 · AI score 5.8 · EPSS 0.09269
Exploits 4 · References 3

Vulnrichment
added 2024/08/29 12:0 a.m. · 16 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hash_salt is file_get_contents of a file that does not exist...

AI score 6.8 · EPSS 0.09269
Exploits 4 · References 2

Positive Technologies
added 2024/08/28 12:0 a.m. · 5 views

PT-2024-6543 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions 11.x-dev Description: The issue is related to a Full Path Disclosure flaw in the core/authorize.php file of the Drupal CMS system. This flaw allows an attacker to disclose system data without authorization. The vulnerability c...

CVSS 6.3 · AI score 4.8 · EPSS 0.09269
Exploits 4 · References 36

Ubuntu
added 2024/07/11 11:54 a.m. · 482 views

USN-6891-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. CVE-2015-20107 It was discovered that Python incorrectly used regular expressions vulnerable to...

CVSS 9.8 · AI score 7.7 · EPSS 0.23293
Exploits 27

SUSE CVE
added 2023/02/15 5:42 a.m. · 3 views

SUSE CVE-2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...

CVSS 5.9 · AI score 8.6 · EPSS 0.02371
Exploits 0 · References 25

SUSE CVE
added 2023/02/15 4:25 a.m. · 3 views

SUSE CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 5.3 · AI score 8.6 · EPSS 0.10911
Exploits 0 · References 29

Huntr
added 2021/07/10 12:31 a.m. · 4 views

Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms

✍️ Description The function mt_rand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...

AI score 0.3
Exploits 0 · References 4

OSV
added 2020/05/06 4:47 p.m. · 2 views

DRUPAL-CONTRIB-2020-012

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently validate data submitted into Webform Signature element during webform submission creation. This allows a malicious user to generate and extract HMAC hashes for arbitrary data. Such HMAC hashes are used...

AI score 6.5
Exploits 0 · References 1

Drupal
added 2020/05/06 12:0 a.m. · 15 views

Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-012

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently validate data submitted into Webform Signature element during webform submission creation. This allows a malicious user to generate and extract HMAC hashes for arbitrary data. Such HMAC hashes are used...

AI score 6.3
Exploits 0 · References 6

RedHat Linux
added 2020/04/14 5:56 p.m. · 2 views

python: Missing salt initialization in _elementtree.c module

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 7.5 · AI score 6.7 · EPSS 0.10911
Exploits 0 · References 5

RedHat Linux
added 2020/04/07 9:36 a.m. · 3 views

python: Missing salt initialization in _elementtree.c module

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 7.5 · AI score 6.7 · EPSS 0.10911
Exploits 0 · References 5