27 matches found
EUVD-2017-7415
Malware in sbrugna...
EUVD-2012-2167
Malware in sbrugna...
EUVD-2021-2455
Malware in sbrugna...
EUVD-2022-7334
Malicious code in bioql PyPI...
EUVD-2024-26925
Malicious code in bioql PyPI...
CVE-2025-51726
CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification...
CVE-2025-40923
CVE-2025-40923 affects Plack-Middleware-Session for Perl prior to 0.35, where the default session id generator uses a SHA-1 hash seeded with rand, epoch time, and PID, making session IDs predictable. Fedora advisory notes a fix to version 0.36, using Crypt::SysRandom for secure session IDs. The v...
CVE-2024-29951
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...
CVE-2020-36563
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...
CVE-2024-29950
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...
Fedora: Security Advisory for rust-sha1collisiondetection (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
CVE-2024-29951 Brocade SANnav has weak encryption in internal SSH ports
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...
The class FileTransfer implemented uses the ssh-rsa signature scheme (CVE-2024-29950)
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...
SHA-1 hash in internal SSH ports that are not open to remote connection (CVE-2024-29951)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...
CVE-2022-45379
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...
CVE-2022-45379
CVE-2022-45379 affects Jenkins Script Security Plugin: versions 1189.vb_a_b_7c8fd5fde and earlier store whole-script approvals as the SHA-1 hash of the script, making them susceptible to SHA-1 collision attacks. Affected product: Jenkins Script Security Plugin (1189.vb_a_b_7c8fd5fde and earlier)....
Cross-Site Scripting (XSS)
laravel/framework is vulnerable to cross-site scripting (XSS). When the parent template contains an exploitable HTML structure, a remote attacker is able to inject arbitrary JavaScript via guessing the parent placeholder SHA-1 hash by trying common names of sections...
OpenSSH now supports FIDO U2F security keys for 2-factor authentication
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via the SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) protocol, yesterday announced th...
Default credentials
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other...
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other...