89 matches found
CVE-2020-5229
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
CVE-2025-20128
A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...
CVE-2024-57893
CVE-2024-57893 : Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...
CVE-2024-57893 ALSA: seq: oss: Fix races at processing SysEx messages
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this...
This Week in Spring - January 7th, 2025
Hi, Spring fans, and happy new year! It's been another super seven days since we last spoke and, as always, there's a lot to cover so let's dive right into it! A long time in coming, but it's finally here! Hello DCO, Goodbye CLA: Simplifying Contributions to Spring the Spring AI hits just keep on...
Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024
Resecurity unveils AI-powered GSOC at NATO Edge 2024, integrating VR for advanced cybersecurity. Tailored for MSSPs, it enhances…...
PT-2024-30113
Name of the Vulnerable Software and Affected Versions No information is available about the vulnerable software and its affected versions. Description The provided information does not contain details about a specific issue. It appears to be a personal introduction and does not include any releva...
PT-2024-30933
Name of the Vulnerable Software and Affected Versions No information is available about the vulnerable software and its affected versions. Description The provided information does not contain details about a specific issue. It appears to be a personal introduction and does not mention any...
CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress Blog Introduction plugin <= 0.3.0 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Blog Introduction versions = 0.3.0...
WordPress Blog Introduction Plugin <= 0.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Blog Introduction Type Plugin Vulnerable versions = 0.3.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b5cd399b1013 Credits Daniel Ruf Required...
Say Goodbye to Monolithic EdgeWorkers: Introducing Flexible Composition (Part 2)
...
Unveiling eBPF: Revolutionizing Security and Observability
An Introduction to Extended BPF and Its Transformative Impact...
CVE-2023-33983
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...
CVE-2023-33983
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...
Code injection
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...
CVE-2023-33983
The CVE-2023-33983 entry covers Briar’s Introduction Client up to version 1.5.3, where there is no out-of-band verification of public keys for Introduced Parties. This enables an introducer to conduct man-in-the-middle attacks on future private communication between two introduced parties. Docume...
PT-2023-24617 · Briar · Briar
Name of the Vulnerable Software and Affected Versions: Briar versions 1.5.3 and earlier Description: The Introduction Client in Briar does not implement out-of-band verification for the public keys of introducees. This allows an introducer to launch man-in-the-middle attacks against later private...
Briar 安全漏洞
Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...