106 matches found

OSV
added 2021/03/10 4:15 p.m. | 0 views

UBUNTU-CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

CVSS 7.5 | AI score 6 | EPSS 0.00593
Exploits 0 | References 4

Prion
added 2021/03/10 4:15 p.m. | 13 views

Buffer overflow

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

CVSS 5 | AI score 7.6 | EPSS 0.00593
Exploits 0 | References 2 | Affected Software 1

CVE
added 2021/03/10 3:50 p.m. | 41 views

CVE-2020-1921

CVE-2020-1921 affects HHVM: the crypt function may terminate a buffer using the salt length without verifying the offset lies inside the buffer. Affected HHVM versions include before 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1, and 4.94.0–4.98.0. The initial description provides the vulnerable condition...

CVSS 7.5 | AI score 7.5 | EPSS 0.00593
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/03/10 3:50 p.m. | 19 views

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

AI score 7.6 | EPSS 0.00593
Exploits 0 | References 2

CNNVD
added 2021/03/10 12:0 a.m. | 1 views

Katy Voor HHVM Buffer Error Vulnerability

Katy Voor HHVM is an open source application by Katy Voor. It provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from a crypt function that allows the size of the input salt to be null to terminate the buffer witho...

CVSS 7.5 | AI score 7.5 | EPSS 0.00593
Exploits 0 | References 3

Veracode
added 2020/04/10 1:2 a.m. | 40 views

Brute-force Attack

postgresql is vulnerable to brute-force attacks. The vulnerability exists because a signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

CVSS 5 | AI score 3.1 | EPSS 0.07072
Exploits 0 | References 25 | Affected Software 3

NVD
added 2020/03/11 10:27 p.m. | 19 views

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVSS 5.3 | AI score 5.3 | EPSS 0.00164
Exploits 1 | References 1

Prion
added 2020/03/11 10:27 p.m. | 15 views

Authentication flaw

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVSS 5 | AI score 6 | EPSS 0.00164
Exploits 1 | References 1 | Affected Software 2

CVE
added 2020/03/10 9:59 p.m. | 79 views

CVE-2019-5135

WAGO PFC100/200 Web-Based Management (WBM) authentication timing information disclosure (CVE-2019-5135) is detailed in the TALOS entry. The vulnerability resides in the WBM login routine where the PHP crypt() function is used to generate a password hash for comparison, allowing an attacker to inf...

CVSS 5.3 | AI score 5.9 | EPSS 0.00164
Exploits 1 | References 1 | Affected Software 1

Talos
added 2020/03/09 12:0 a.m. | 73 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary: An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

CVSS 7.5 | AI score 6.7 | EPSS 0.00386
Exploits 1

OSV
added 2019/11/04 1:15 p.m. | 1 views

UBUNTU-CVE-2013-4412

slim has NULL pointer dereference when using crypt method from glibc 2.17...

CVSS 7.5 | AI score 5.8 | EPSS 0.00938
Exploits 0 | References 2

Positive Technologies
added 2019/11/04 12:0 a.m. | 2 views

PT-2019-6950 · Gnu · Glibc

Name of the Vulnerable Software and Affected Versions: slim (affected versions not specified)
Description: The issue is related to a NULL pointer dereference in slim when using the crypt method from glibc 2.17.
Recommendations: At the moment, there is no information about a newer version that...

CVSS 7.5 | AI score 7.2 | EPSS 0.00938
Exploits 0 | References 12

Veracode
added 2019/05/02 5:1 a.m. | 31 views

Denial Of Service (DoS)

postgresql is vulnerable to denial of service. The library does not properly check the return value of the crypt library function, allowing a malicious user to cause an application crash...

CVSS 4 | AI score 8.7 | EPSS 0.01472
Exploits 2 | References 26 | Affected Software 4

OSV
added 2016/11/28 3:59 a.m. | 0 views

UBUNTU-CVE-2015-8970

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted applicatio...

CVSS 5.5 | AI score 6.6 | EPSS 0.00038
Exploits 0 | References 5

CNVD
added 2016/08/23 12:0 a.m. | 1 views

OpenSSH 'crypt()' Function Denial of Service Vulnerability

OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A denial of service vulnerability exists in the OpenSSH 'crypt' function. An attacker can exploit this vulnerability to cause an application to enter an infinite loop, consuming...

AI score 6.8
Exploits 0 | References 1

Tenable Nessus
added 2016/02/15 12:0 a.m. | 39 views

Debian DSA-3475-1 : postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. ...

CVSS 9 | AI score 7.1 | EPSS 0.10867
Exploits 0 | References 8

OSV
added 2016/02/13 12:0 a.m. | 29 views

DSA-3475-1 postgresql-9.1 - security update

Bulletin has no description...

CVSS 9 | AI score 7.8 | EPSS 0.10867
Exploits 0

OpenVAS
added 2016/02/13 12:0 a.m. | 29 views

Debian Security Advisory DSA 3475-1 (postgresql-9.1 - security update)

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory...

CVSS 9 | AI score 0.5 | EPSS 0.10867
Exploits 0 | References 1

RedHat Linux
added 2015/11/19 7:54 a.m. | 3 views

postgresql: limited memory disclosure flaw in crypt()

A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory...

CVSS 6.4 | AI score 7.3 | EPSS 0.08949
Exploits 0 | References 5

Tenable Nessus
added 2015/11/19 12:0 a.m. | 31 views

Scientific Linux Security Update : postgresql on SL6.x i386/x86_64 (20151118)

A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. CVE-2015-5288 If the postgresql service is running, it will be automatically restarted after installing thi...

CVSS 6.4 | AI score 7 | EPSS 0.08949
Exploits 0 | References 2