Re: [SYSS-2024-038] DiCal-RED – Use of Password Hash Instead of Password for Authentication
Posted by J. Hellenthal via Fulldisclosure on Aug 27 Correct me if I'm wrong but I believe he is trying to relay that "on the...
USN-6981-1: Drupal vulnerabilities
It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-13671) It was discovered...
ZDI-24-1182: Linux Kernel Netfilter Conntrack Type Confusion Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged...
DSA-5759-1 python3.11 – security update
Multiple security issues were discovered in Python, a high-level, interactive, object-oriented language: CVE-2024-0397 A race condition in the ssl module was found when accessing CA...
USN-6973-3: Linux kernel (AWS) vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged...
mingw-python3-3.11.9-1.fc40
FEDORA-2024-926631fe97 Packages in this update: mingw-python3-3.11.9-1.fc40 Update description: Update to python-3.11.9. Backport fix for CVE-2024-6923. Read More
mingw-python3-3.11.9-1.fc39
FEDORA-2024-f3851065c0 Packages in this update: mingw-python3-3.11.9-1.fc39 Update description: Update to python-3.11.9. Backport fix for CVE-2024-6923. Read More
DSA-5758-1 trafficserver – security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling. https://security-tracker.debian.org/tracker/DSA-5758-1...
calibre-7.17.0-3.fc40
FEDORA-2024-a455bea9ca Packages in this update: calibre-7.17.0-3.fc40 Update description: Fix fonts for < f41 releases. Upgrade to latest upstream release to fix 4 CVE's and enable...
Re: [SYSS-2024-038] DiCal-RED – Use of Password Hash Instead of Password for Authentication
Posted by Jeffrey Walton on Aug 24 There's no difference between sending the password or Hash(password) at the client. It is similar to (but weaker...