EulerOS 2.0 SP5 : python-ipaddress (EulerOS-SA-2020-2265)

According to the version of the python-ipaddress package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow...

Denial Of Service (DoS)

python is vulnerable to denial of service DoS. The vulnerability exists as Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the...

OPENSUSE-SU-2020:0940-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service bsc1173274. This update was imported from the SUSE:SLE-15:Update update project...

Security update for python3 (important)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2020:0931-1 Rating: important References: 1173274 Cross-References: CVE-2020-14422 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for python3...

SUSE-SU-2020:1822-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service bsc1173274...

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

Python -- multiple vulnerabilities

Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...

The implementation of the getACL() command in the centralized service for managing configuration information, naming, distributed synchronization, and providing group services in Apache ZooKeeper is vulnerable. This vulnerability allows attackers to exploit certain hash function values.

The vulnerability of the getACL function in the centralized service for managing configuration information, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to permission handling errors. Exploiting this vulnerability can allow an attacker to exploi...

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt, Zoom is an efficient online video meeting...

mruby memory misreference vulnerability (CNVD-2020-10638)

mruby is a lightweight implementation of the Ruby language that conforms to a portion of the ISO standard. A security vulnerability exists in mruby 2.1.0 in mrbgems/mruby-hash-ext/src/hash-ext.c in hashvaluesat. No details of the vulnerability are provided at this time...

UBUNTU-CVE-2020-6838

In mruby 2.1.0, there is a use-after-free in hashvaluesat in mrbgems/mruby-hash-ext/src/hash-ext.c...

zookeeper: Information disclosure in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users...

TYPO3 Security Feature Issue Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security signature issue vulnerability exists in the 'uniqid' function in TYPO3, which can be exploited by an attacker to brute-force hash values...

Cybersecurity Teardown: Using Hash Values

Welcome to the final installment of Hash Values in our greater Cybersecurity Teardown series. In today's post, we'll cover the 'How' of hash values - which includes: Traiging alerts for deeper research Investigating an issue for malicious activity Reassembling our previous examples within a CB...

Cybersecurity Teardown: Benefit of Hash Values

Welcome to the second part in our Hash Values series of the Cybersecurity Teardown. Today, we'll be covering: How hashing could provide a valuable benefit A real-world example and explanation at work The results of our hashing This is the second part of a three-part series. Be sure to check back...

Cybersecurity Teardown: Understanding Hash Values

We just started a new series called “Cybersecurity Teardown.” In this series, we’ll be ripping apart ideas and attacks, then reassembling them with a Carbon Black mindset. Each idea or attack will be broken down into three phases: What, Why, and How. In this first entry, I wanted to call your...

CVE-2018-20298

S3 Browser before 8.1.5 contains an XML external entity XXE vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol...

WordPress 4.3.x < 4.3.13 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. - When domain-based...