CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/02/20 12:0 a.m.•2 views

PT-2025-7548 · Picoquic · Picoquic

Name of the Vulnerable Software and Affected Versions: picoquic versions before b80fd3f Description: The hash table used to manage connections in picoquic uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server by initiating connections with colliding...

5.3CVSS7.3AI score0.00066EPSS

Exploits0References7

Vulnrichment•added 2025/02/20 12:0 a.m.•3 views

CVE-2025-24946

5.3CVSS5.3AI score0.00066EPSS

CNNVD•added 2025/02/20 12:0 a.m.•1 views

picoquic 安全漏洞

picoquic is a minimal implementation of the QUIC protocol open-sourced by Private Octopus. A security vulnerability exists in picoquic that stems from the use of a weak hash function in the hash table used to manage connections. A remote attacker exploiting this vulnerability could cause...

5.3CVSS6.6AI score0.00066EPSS

Cvelist•added 2025/02/20 12:0 a.m.•8 views

CVE-2025-24946

5.3CVSS0.00066EPSS

Positive Technologies•added 2025/02/06 12:0 a.m.•1 views

PT-2025-6000 · Vllm +1 · Vllm +1

Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.7.2 Description: Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The issue arises from the use of...

2.6CVSS3.4AI score0.00323EPSS

Exploits0References15

OSV•added 2024/12/12 7:22 p.m.•9 views

GHSA-9J3M-FR7Q-JXFW Beego has Collision Hazards of MD5 in Cache Key Filenames

In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure...

6.9CVSS6.1AI score0.00235EPSS

Exploits0References4

Positive Technologies•added 2024/12/05 12:0 a.m.•2 views

PT-2024-9199 · Abb · Abb Aspect +2

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.01 NEXUS Series version 3.08.01 MATRIX Series version 3.08.01 Description: The issue is related to a weakness in the way an application dependency calculates or validates MD5 checksum hashes, allowing for...

9.1CVSS7.4AI score0.00066EPSS

Exploits0References8

RedHat Linux•added 2024/11/04 1:28 a.m.•2 views

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

9CVSS7.2AI score0.22162EPSS

Exploits2References10

OSV•added 2024/10/23 5:15 p.m.•2 views

AZL-51678 CVE-2024-50382 affecting package botan2 2.14.0-2

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

5.9CVSS5.8AI score0.00157EPSS

Exploits1References1

Packet Storm•added 2024/08/31 12:0 a.m.•181 views

Hashtable Collisions

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashtable Collisions', 'Description' = %q This module uses a denial-of-service DoS condition appearing in a variety of programming languages. Thi...

7.8CVSS7.3AI score0.86573EPSS

Exploits16

Tenable Nessus•added 2024/08/20 12:0 a.m.•27 views

EulerOS 2.0 SP12 : systemd (EulerOS-SA-2024-2228)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...

Redos•added 2024/07/31 12:0 a.m.•16 views

ROS-20240731-06

A vulnerability in the SHA-3 cryptographic hash function of the eXtended Keccak Code Package XKCP software package is related to errors in block processing of input data and type conversion. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code during...

9.8CVSS8.1AI score0.014EPSS

Exploits1

Tenable Nessus•added 2024/07/16 12:0 a.m.•35 views

EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2024-1954)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...

Tenable Nessus•added 2024/07/16 12:0 a.m.•28 views

EulerOS 2.0 SP9 : systemd (EulerOS-SA-2024-1974)

Tenable Nessus•added 2024/06/28 12:0 a.m.•28 views

EulerOS 2.0 SP12 : dnsmasq (EulerOS-SA-2024-1865)

Positive Technologies•added 2024/06/24 12:0 a.m.•3 views

PT-2024-20446

Name of the Vulnerable Software and Affected Versions Bludit affected versions not specified Description The issue concerns the use of predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens, such as the API token and the user token. This allows attackers to...

8.2CVSS6.4AI score0.00117EPSS

Exploits0References5

OpenVAS•added 2024/06/07 12:0 a.m.•4 views

Fedora: Security Advisory for rust-b3sum (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score