325 matches found
Arch Linux Resource Management Error Vulnerability
Arch Linux is an application system from Arch Open Source. A lightweight and flexible Linux® distribution that tries to keep it simple. Arch Linux suffers from a Resource Management Error vulnerability that stems from improper internal resource management in naive's keyless hash function. A remot...
CVE-2019-25030
In Versa Director, Versa Analytics and VOS, passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgard construction such as MD5 and SHA-1 alone are insufficient in thwarting password...
Insecure Cryptographic Functions
github.com/moov-io/customers uses an insecure cryptographic function. An attacker is able to exploit the vulnerability by using a rainbow table attack on the system. The vulnerability exists due to a probability of a lack of uniqueness in the complexity of the hash function...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30443)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in streebog crate in versions of Mozilla Rust prior to 0.8.0, which stems from a Streebog hash function that produces incorrect answers. No details of the vulnerability are provid...
CVE-2019-25007
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...
CVE-2019-25006
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...
CVE-2019-25007
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...
Design/Logic Flaw
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...
CVE-2019-25006
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...
CVE-2019-25007
Summary: The vulnerability CVE-2019-25007 affects the Rust streebog crate prior to 0.8.0. Root cause: incorrect implementation of the internal update-sigma function, which could cause a panic for certain inputs. Impact: panics in the Streebog hash function; no exploit details are provided in t...
CVE-2019-25007
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2016-0475 and CVE-2015-7575)
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 15 and earlier releases that is used by Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the...
kernel: The flow_dissector feature allows device tracking
A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and jhash instead of siphash is used. The hashrnd value remains the same starting from boot ti...
Insecure Hash Function
bcrypt uses an insecure hash function. The data passed into the hash function is not properly hashed when its length is greater than 255 bytes...
Denial Of Service (DoS)
Ruby is vulnerable to denial of service. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys wh...
CVE-2019-18282
A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and jhash instead of siphash is used. The hashrnd value remains the same starting from boot ti...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary: Several vulnerabilities have been addressed for: IBM SDK Java Technology Edition Quarterly CPU Oct 2015, including Oracle Oct 2015 CPU; IBM SDK Java Technology Edition Quarterly CPU Jan 2016, including Oracle Jan 2016 CPU; Java specific SLOTH Weak MD5 Signature Hash; and several OpenSSL...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475, CVE-2016-0448)
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly...
The vulnerability of the flow_dissector function in Linux operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the flow_dissector function in Linux operating systems is related to the use of the hash function jhash instead of siphash. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
UPX Floating Point Anomaly Vulnerability
UPX is a portable and extensible executable compression program. A security vulnerability exists in the 'PackLinuxElf::elfhash' function in the plxelf.cpp file in UPX version 3.95. An attacker can exploit this vulnerability to cause an application to crash, resulting in a denial of service...