SUSE CVE-2026-9150

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...

CVE-2026-9150

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...

SUSE-SU-2026:20434-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: Upgrade openCryptoki to 3.26 jscPED-14609 Security fixes: - CVE-2026-22791: supplying malformed compressed EC public key can lead to heap corruption or denial-of-service bsc1256673. - CVE-2026-23893: Privilege Escalation or Data Exposure vi...

OPENSUSE-SU-2026:20233-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: Upgrade openCryptoki to 3.26 jscPED-14609 Security fixes: - CVE-2026-22791: supplying malformed compressed EC public key can lead to heap corruption or denial-of-service bsc1256673. - CVE-2026-23893: Privilege Escalation or Data Exposure vi...

EUVD-2017-6875

Malware in sbrugna...

EUVD-2023-45034

Malicious code in bioql PyPI...

EUVD-2025-14393

Malicious code in bioql PyPI...

CVE-2025-47276

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

Design/Logic Flaw

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

CVE-2023-40463

CVE-2023-40463 affects Sierra Wireless AirLink ALEOS firmware (versions 4.16 and earlier). The root cause is in debugging mode: when enabled by an authenticated user with administrative privileges, ALEOS stores the SHA-512 hash of the common root password in a directory accessible to a user with ...

CVE-2023-40463 Use of Hard-Coded Credentials

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

Oracle Linux 6 : openssh (ELSA-2023-4428)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4428 advisory. - Fix for CVE-2016-6210 incomplete fix Orabug: 29375502CVE-2016-6210 Tenable has extracted the preceding description block directly from the Oracle Lin...

System user password Encryption method or Hash function type

NetScaler system user passwords are hashed using SHA1 on 11.1 and older releases. 12.0 use SHA512. RPC node passwords are encrypted using AES256 CBC from 11.0 onwards. RC4 is used before that. The keywords encrypted, hashmethod, encryptmethod example ENCMTHD3and kek are added internally based on...

Design/Logic Flaw

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

CVE-2023-33243

Summary: CVE-2023-33243 affects STARFACE web interface and REST API, where authentication is possible using the SHA-512 password hash instead of the cleartext password. The issue originates from allowing hash-based authentication rather than requiring the actual password, enabling potential accou...

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

STARFACE 7.3.0.10 Broken Authentication Exploit

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...