325 matches found
CVE-2022-29210
TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...
CVE-2021-32596
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...
CVE-2020-6838
In mruby 2.1.0, there is a use-after-free in hashvaluesat in mrbgems/mruby-hash-ext/src/hash-ext.c...
CVE-2019-25007
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...
CVE-2019-25006
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...
Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye
An essential step for mounting cache attacks is finding eviction sets, collections of memory locations that contend on cache space. On Intel processors, one of the main challenges for identifying contending addresses is the sliced cache design, where the processor hashes the physical address to...
RUSTSEC-2025-0021 SHA-1 collision attacks are not detected
Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...
The vulnerability in the software installation tool of Acronis Cyber Protect 16 allows a perpetrator to compromise the integrity of the protected information.
The vulnerability in the Acronis Cyber Protect 16 software installation tool is related to the use of an algorithm whose security requirements are not met for the hash function. Exploiting this vulnerability could allow a attacker to compromise the integrity of the protected information...
CVE-2025-24946
The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs...
CVE-2025-24946
The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs...
CVE-2025-24946
The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs...
picoquic 安全漏洞
picoquic is a minimal implementation of the QUIC protocol open-sourced by Private Octopus. A security vulnerability exists in picoquic that stems from the use of a weak hash function in the hash table used to manage connections. A remote attacker exploiting this vulnerability could cause...
CVE-2025-24946
The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs...
PT-2025-7548 · Picoquic · Picoquic
Name of the Vulnerable Software and Affected Versions: picoquic versions before b80fd3f Description: The hash table used to manage connections in picoquic uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server by initiating connections with colliding...
PT-2025-6000 · Vllm +1 · Vllm +1
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.7.2 Description: Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The issue arises from the use of...
GHSA-9J3M-FR7Q-JXFW Beego has Collision Hazards of MD5 in Cache Key Filenames
In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure...
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the use of a reversible one-way hash function. This function allows attackers to compromise data integrity.
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the use of a reversible one-way hash function. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the use of a reversible one-way hash function. This allows attackers to make background tasks effective.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the use of a reversible one-way hash function. Exploiting this vulnerability allows a malicious actor to make a background task effective...
PT-2024-9199 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.01 NEXUS Series version 3.08.01 MATRIX Series version 3.08.01 Description: The issue is related to a weakness in the way an application dependency calculates or validates MD5 checksum hashes, allowing for...
freeradius: forgery attack
A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...