Design/Logic Flaw

Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown referencename:...

openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)

; Name: Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode 415 bytes ; Author: h4pp1n3ss ; Tested on: Microsoft Windows Version 10.0.19042.1237 ; Description: ; This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this...

Insecure Encryption

showdoc/showdoc has insecure encryption. The vulnerability exists due to a hardcoded salt in its user password hash function...

GHSA-8VH3-29MR-M9XG Inadequate Encryption Strength in showdoc

showdoc makes use of a hardcoded salt in its user password hash function...

Incorrect implementation of the Streebog hash functions in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

GHSA-GF93-H79Q-6JJV Incorrect implementation of the Streebog hash functions in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

CVE-2021-33713

A vulnerability has been identified in JT Utilities All versions V13.0.2.0. When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the...

CVE-2021-33713

A vulnerability has been identified in JT Utilities All versions V13.0.2.0. When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the...

Arch Linux 资源管理错误漏洞

Arch Linux is an application system from Arch Open Source. A lightweight and flexible Linux® distribution that tries to keep it simple. Arch Linux suffers from a Resource Management Error vulnerability that stems from improper internal resource management in naive's keyless hash function. A remot...

CVE-2019-25030

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction such as MD5 and SHA-1 alone are insufficient in thwarting password...

Insecure Cryptographic Functions

github.com/moov-io/customers uses insecure cryptographic function. An attacker is able to exploit the vulnerability by using a rainbow table attack on the system. Th vulnerability exists due to a probability of a lack of uniqueness in the complexity of the hash function...

Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30443)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in streebog crate in versions of Mozilla Rust prior to 0.8.0, which stems from a Streebog hash function that produces incorrect answers. No details of the vulnerability are provid...

CVE-2019-25007

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...

CVE-2019-25006

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...

CVE-2019-25007

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...

Design/Logic Flaw

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...

CVE-2019-25006

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...

CVE-2019-25007

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...

CVE-2019-25007

Summary : The vulnerability CVE-2019-25007 affects the Rust streebog crate prior to 0.8.0. Root cause : incorrect implementation of the internal update-sigma function, which could cause a panic for certain inputs. Impact : panics in the Streebog hash function; no exploit details are provided in t...