325 matches found
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...
PT-2024-7717 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the crypto component of the Linux kernel, specifically with the algif hash function. When a zero-length message is hashed by algif hash and an error is triggere...
Contiki-NG Security Vulnerability
Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from a buffer over-read in the dtlssha256update function...
crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...
Hyperledger: CVE-2023-46132
A vulnerability was discovered in which the way transactions were hashed in Fabric blockchain blocks allowed an attacker to manipulate the transaction data while keeping the block hash unchanged. This could enable an adversary to fork the blockchain network state through malicious blocks that...
curl: use after free in SSH sha256 fingerprint check
A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...
DEBIAN-CVE-2020-22336
An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...
MeterSphere 安全漏洞
MeterSphere is MeterSphere open source one-stop open source continuous testing platform. MeterSphere 2.9.1 and previous versions of a denial of service vulnerability , the vulnerability stems from the submission of a very long password during login , it will force the system to perform a long...
PT-2023-21687 · Snap One · Ovrc Pro
Name of the Vulnerable Software and Affected Versions: Snap One OvrC Pro devices versions 7.2 and prior Description: The issue arises from the device's failure to properly validate firmware updates, relying solely on the calculation of the MD5 hash of the firmware without utilizing a private-publ...
PT-2023-12093 · Amd · 1St Gen Amd Epyc™ Processors +110
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace,...
PT-2023-35780 · Git +1 · Libucl
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 8 crash has been reported. The crash involves the ucl hash func and occurs during the kh resize ucl hash node and kh put ucl...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Switches (CVE-2015-7575)
Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM BladeCenter Switches. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM BladeCenter Switches. Vulnerability Details CVE-ID: CVE-2015-7575 Description: The TLS protocol could allow weaker than expected...
Important: Red Hat Security Advisory: nss security and bug fix update
An update for nss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Important: nss security and bug fix update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths large...
Wrong Implementation of EIP-712
Lines of code Vulnerability details Impact The EIP-712 uses several parameters. Those parameters are exactly: EIP712Domain string name; string version; uint256 chainId; address verifyingContract; As you can see on the following Domain, ZkSync, is missing one parameter: bytes32 constant...
openssl: NULL dereference during PKCS7 data verification
A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...
RLSA-2023:1141 Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...
Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RS...
SUSE CVE-2012-0039
GLib 2.31.8 and earlier, when the gstrhash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash...