38 matches found

RedhatCVE
added 2026/05/28 1:2 a.m., 9 views

CVE-2026-45927

A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) subsystem. This vulnerability, a time-of-check to time-of-use (TOCTOU) bug, allows a local attacker to modify the contents of a BPF map after its hash has been calculated but before it is frozen. Consequently, a trusted loader could ...

6.3 CVSS, 5.7 AI score, 0.00173 EPSS
Exploits 0, References 4
NVD
added 2026/05/27 2:17 p.m., 11 views

CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash. Currently, bpf_map_get_info_by_fd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPF_OBJ_GET_INFO_BY_FD t...

0.00173 EPSS
Exploits 0, References 3
OSV
added 2026/05/27 2:17 p.m., 5 views

UBUNTU-CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash. Currently, bpf_map_get_info_by_fd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPF_OBJ_GET_INFO_BY_FD t...

5.7 AI score, 0.00173 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/27 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the bpf_map_get_info_by_fd function in bpf. This function does not check the frozen state of maps during t...

5.8 AI score, 0.00173 EPSS
Exploits 0, References 3
Cvelist
added 2026/05/20 9:20 a.m., 41 views

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9 CVSS, 0.00339 EPSS
Exploits 0, References 1
OSV
added 2026/04/24 3:16 p.m., 5 views

DEBIAN-CVE-2026-31575

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation. In mfill_atomic_hugetlb, linear_page_index is used to calculate the page index for hugetlb_fault_mutex_hash. However, linear_page_index returns the index in PAGE_SIZE units, while...

5.5 CVSS, 5.3 AI score, 0.00122 EPSS
Exploits 0, References 1
CVE
added 2026/04/24 2:42 p.m., 11 views

CVE-2026-31575

The CVE-2026-31575 issue affects the Linux kernel mm/userfaultfd code, where hugetlb fault mutex hashing used linear_page_index() (PAGE_SIZE units) instead of huge-page units, causing different mutexes to be used for addresses within the same huge page. The mismatch can allow races between faulti...

5.5 CVSS, 5.4 AI score, 0.00122 EPSS
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2026/04/09 3:58 p.m., 0 views

CVE-2026-39855

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc). When page hash processing is performed on a PE file, the function...

5.5 CVSS, 6.1 AI score, 0.00143 EPSS
Exploits 0, References 4, Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 25 views

EUVD-2023-33958

Malicious code in bioql PyPI...

7.5 CVSS, 5.1 AI score, 0.00929 EPSS
Exploits 0, References 3
BDU FSTEC
added 2024/09/23 12:0 a.m., 3 views

The vulnerability of the PHP programming language’s password verification function lies in the insufficient calculation of the password hash, allowing attackers to compromise data integrity.

The vulnerability of the password verification function in the PHP programming language is related to insufficient calculation of the password hash. Exploiting this vulnerability allows attackers to compromise the integrity of data...

6.2 CVSS, 6.5 AI score, 0.00944 EPSS
Exploits 1, References 8, Affected Software 5
Redos
added 2024/09/19 12:0 a.m., 285 views

ROS-20240918-08

A vulnerability in FreeIPA's centralized user identity management system is associated with insufficient password hash calculation. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by brute-forcing possible values for a user's password...

8.1 CVSS, 7.1 AI score, 0.02053 EPSS
Exploits 1
Cvelist
added 2023/10/17 6:57 a.m., 29 views

CVE-2023-41752 Apache Traffic Server: s3_auth plugin problem with hash calculation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue...

7.8 AI score, 0.0122 EPSS
Exploits 0, References 6
Vulnrichment
added 2023/10/17 6:57 a.m., 26 views

CVE-2023-41752 Apache Traffic Server: s3_auth plugin problem with hash calculation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue...

7.5 AI score, 0.0122 EPSS
Exploits 0, References 6
Code423n4
added 2023/09/11 12:0 a.m., 9 views

The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller

Lines of code. Vulnerability details. Impact: Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...

6.8 AI score
Exploits 0
Cvelist
added 2023/06/14 7:44 a.m., 23 views

CVE-2023-33933 Apache Traffic Server: s3_auth plugin problem with hash calculation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions; 9.x users should upgrade to 9.2.1 or later versions...

7.6 AI score, 0.01496 EPSS
Exploits 0, References 5
Vulnrichment
added 2023/06/14 7:44 a.m., 26 views

CVE-2023-33933 Apache Traffic Server: s3_auth plugin problem with hash calculation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions; 9.x users should upgrade to 9.2.1 or later versions...

7.3 AI score, 0.01496 EPSS
Exploits 0, References 5
CNNVD
added 2023/06/14 12:0 a.m., 4 views

Apache Traffic Server information disclosure vulnerability

Apache Traffic Server (ATS) is a suite of scalable HTTP proxy and caching servers from the Apache Foundation in the United States. An information disclosure vulnerability exists in Apache Traffic Server that stems from a security issue in the s3_auth plugin for hash calculation. Affected products an...

7.5 CVSS, 7.1 AI score, 0.01496 EPSS
Exploits 0, References 6
NVD
added 2023/05/02 1:15 p.m., 54 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

7.5 CVSS, 5.3 AI score, 0.00929 EPSS
Exploits 0, References 3
Prion
added 2023/05/02 1:15 p.m., 19 views

Design/Logic Flaw

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

4 CVSS, 7.5 AI score, 0.00929 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2023/05/02 12:0 p.m., 52 views

CVE-2023-2473 Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

4.3 CVSS, 7.7 AI score, 0.00929 EPSS
Exploits 0, References 3