PT-2026-37249

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

CVE-2026-27754 SODOLA SL902-SWTGW124AS <= 200.1.20 MD5 Session Token Generation

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

SODOLA SL902-SWTGW124AS 安全漏洞

SODOLA SL902-SWTGW124AS is an industrial switch produced by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to version 200.1.20 contain security vulnerabilities. These vulnerabilities stem from the use of the MD5 hash function, which has weak encryption strength. This can...

CVE-2025-24946

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs...

PT-2025-7548 · Picoquic · Picoquic

Name of the Vulnerable Software and Affected Versions: picoquic versions before b80fd3f Description: The hash table used to manage connections in picoquic uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server by initiating connections with colliding...

picoquic 安全漏洞

picoquic is a minimal implementation of the QUIC protocol open-sourced by Private Octopus. A security vulnerability exists in picoquic that stems from the use of a weak hash function in the hash table used to manage connections. A remote attacker exploiting this vulnerability could cause...

PT-2024-20446

Name of the Vulnerable Software and Affected Versions Bludit affected versions not specified Description The issue concerns the use of predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens, such as the API token and the user token. This allows attackers to...

CVE-2021-41168

Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown referencename:...

[SECURITY] [DLA 1884-1] linux security update

Package : linux Version : 3.16.72-1 CVE ID : CVE-2017-18509 CVE-2018-20836 CVE-2019-1125 CVE-2019-3900 CVE-2019-10207 CVE-2019-10638 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

Debian DSA-4497-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-8553 Jan Beulich discovered that CVE-2015-2150 was not completely addressed. If a PCI physical function is passed through to a Xen guest, th...

[SECURITY] [DSA 4495-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4495-1 [email protected] https://www.debian.org/security/ Ben Hutchings August 10, 2019 https://www.debian.org/security/faq -...

Debian DLA-1862-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2101 Andrey Konovalov discovered that the USB Video Class driver uvcvideo did not consistently handle a type field in device descriptors, whic...

[ MDVSA-2014:079 ] json-c

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:079 http://www.mandriva.com/en/support/security/ Package : json-c Date : April 17, 2014 Affected: Business Server 1.0 Problem Description: Updated json-c packages fix security vulnerabilities: Florian Weimer...

MGASA-2014-0175 Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using sizet if possible for sizes, or to be...