Lucene search
K

24 matches found

OSV
OSV
added 2026/03/27 2:3 p.m.5 views

OESA-2026-1723 rubygem-bcrypt security update

bcrypt is a sophisticated and secure hash algorithm designed by The OpenBSD project for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for safely handling passwords. Security Fixes: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 1:17 a.m.5 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS0.00228EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 1:17 a.m.4 views

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:8 a.m.3 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/24 12:8 a.m.25 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS0.00228EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 12:8 a.m.1 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 12:8 a.m.6 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

bcrypt-ruby 输入验证错误漏洞

bcrypt-ruby is an open-source secure password hashing tool developed by bcrypt-ruby. Versions of bcrypt-ruby prior to 3.1.22 had a vulnerability related to input validation. This vulnerability stemmed from integer overflow in the JRuby implementation, which led to enhanced circular zero iteration...

7.5CVSS5.9AI score0.00228EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 5:54 p.m.12 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/19 5:54 p.m.4 views

GHSA-F27W-VCWJ-C954 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References6
RubySec
RubySec
added 2026/03/19 12:0 a.m.8 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-26246

Name of the Vulnerable Software and Affected Versions bcrypt-ruby versions prior to 3.1.22 Description The bcrypt-ruby gem, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, contains a flaw in its Java BCrypt implementation for JRuby. Specifically, an integer overflow in the...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2025/11/10 12:0 a.m.4 views

SUSE: Security Advisory (SUSE-SU-2025:20921-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.1CVSS5.9AI score0.00156EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2025/10/15 12:1 p.m.3 views

Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for th...

5.8CVSS6.8AI score0.00156EPSS
Exploits0References4
OSV
OSV
added 2025/10/15 12:1 p.m.1 views

OPENSUSE-SU-2025:20013-1 Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for...

5.1CVSS5.9AI score0.00156EPSS
Exploits0References2
OSV
OSV
added 2025/10/15 12:0 p.m.4 views

SUSE-SU-2025:20921-1 Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for...

5.1CVSS5.9AI score0.00156EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/10 12:0 a.m.10 views

WordPress FULL Customer Plugin <= 3.1.22 is vulnerable to Cross Site Scripting (XSS)

Software FULL Customer Type Plugin Vulnerable versions = 3.1.22 Fixed in 3.1.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 199342483259 Credits vgo0 Required...

6.1CVSS5.6AI score0.00362EPSS
Exploits0References3Affected Software1
ALT Linux
ALT Linux
added 2022/02/21 12:0 a.m.43 views

Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.22-alt1

3.1.22-alt1 built Feb. 21, 2022 Vitaly Lipatov in task 295271 Feb. 12, 2022 Vitaly Lipatov - new version 3.1.22 with rpmgs script - CVE-2021-34485: .NET Core Information Disclosure Vulnerability - CVE-2021-26423: .NET Core Denial of Service Vulnerability...

5CVSS6.3AI score0.03858EPSS
Exploits0
OSV
OSV
added 2022/01/31 9:51 a.m.8 views

ALEA-2022:0322 .NET Core 3.1 bugfix and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 almalinux-8.5.0.z BZ2031429...

6.9AI score
Exploits0
AlmaLinux
AlmaLinux
added 2022/01/31 9:51 a.m.18 views

.NET Core 3.1 bugfix and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 almalinux-8.5.0.z BZ2031429...

6.8AI score
Exploits0
Rows per page
Query Builder