[This is a guest diary by Paul Bolton] First I it is not a new attack against sha1. When Google announced a sha1 collision in February (here) it reminded me of a detour I took in Nov 2015 when downloading some software, which I think is relevant when we consider these types of announcements. We …
Read more “A Practical Use for a SHA1 Collision, (Mon, Apr 3rd)”
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with “SecurityLevel None” and with empty “AuthFile” options) via a crafted UDP packet.
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.