EUVD-2022-3620
Malicious code in bioql PyPI...
EUVD-2025-20080
Malicious code in bioql PyPI...
EUVD-2022-3415
Malicious code in bioql PyPI...
SUSE-SU-2025:20746-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness 810 Add output of some packagemanagers to the testdata 808 From version 20250416.01: Refactor OS Info package 809...
CVE-2025-27209
A flaw was found in nodejs. The V8 component’s rapidhash implementation introduces a HashDoS vulnerability, allowing an attacker who can control the strings being hashed to trigger excessive CPU usage by generating numerous hash collisions. This exploitation vector results in an application level...
CVE-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js version v24.x, which stems from an improper implementation of string hash computation and could lead to a hash collision attack...
PT-2025-29694 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions 24.0.0 and later Description: The V8 release in Node.js reintroduced a HashDoS vulnerability due to changes in string hash computation using rapidhash. An attacker controlling the strings to be hashed can generate numerous ha...
CVE-2025-49600
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker who can induce ...
CVE-2025-49600
In MBedTLS, CVE-2025-49600 affects 3.3.0 to before 3.6.4, where mbedtls_lms_verify can accept forged Leighton-Micali Signatures in fault scenarios. The root cause is unchecked return values from internal Merkle-tree calls (create_merkle_leaf_value and create_merkle_internal_value) which can leave...
Mbed TLS security vulnerability
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 3.6.4, which stems from an unchecked return value on failure of a hash computation, and could lead to LMS signature forgery...
SUSE-SU-2025:02149-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add output of some packagemanagers to the testdata - from version 20250416.01 Refactor OS Info package - from...
CVE-2013-5750
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
Linux Distros Unpatched Vulnerability : CVE-2020-14422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to...
Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-008)
The version of python38 installed on the remote host is prior to 3.8.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PYTHON3.8-2023-008 advisory. A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite...
Oracle Linux 8 : python38:3.8 (ELSA-2020-4641)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4641 advisory. - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote...
SUSE CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash...
FriendsOfSymfony FOSUserBundle denial of service via login form
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...