[SECURITY] Fedora 39 Update: rust-b3sum-1.5.1-2.fc39

A command line implementation of the BLAKE3 hash function...

Fedora: Security Advisory for rust-b3sum (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-sha1collisiondetection-0.3.4-2.fc40

SHA-1 hash function with collision detection and mitigation...

[SECURITY] Fedora 40 Update: rust-b3sum-1.5.1-2.fc40

A command line implementation of the BLAKE3 hash function...

BIT-TENSORFLOW-2022-29210 Heap buffer overflow due to incorrect hash function in TensorFlow

TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

Code injection

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

CVE-2023-50868

CVE-2023-50868 is a DNSSEC-related denial of service issue (NSEC3 Closest Encloser proof) that can cause CPU exhaustion. The connected documents confirm impact on DNS implementations such as Unbound and BIND/BIND9 and describe the root cause as processors performing thousands of hash iterations f...

PT-2024-7717 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the crypto component of the Linux kernel, specifically with the algif hash function. When a zero-length message is hashed by algif hash and an error is triggere...

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from a buffer over-read in the dtlssha256update function...

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...

Hyperledger: CVE-2023-46132

A vulnerability was discovered in which the way transactions were hashed in Fabric blockchain blocks allowed an attacker to manipulate the transaction data while keeping the block hash unchanged. This could enable an adversary to fork the blockchain network state through malicious blocks that...

curl: use after free in SSH sha256 fingerprint check

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...

DEBIAN-CVE-2020-22336

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...

MeterSphere 安全漏洞

MeterSphere is MeterSphere open source one-stop open source continuous testing platform. MeterSphere 2.9.1 and previous versions of a denial of service vulnerability , the vulnerability stems from the submission of a very long password during login , it will force the system to perform a long...

PT-2023-21687 · Snap One · Ovrc Pro

Name of the Vulnerable Software and Affected Versions: Snap One OvrC Pro devices versions 7.2 and prior Description: The issue arises from the device's failure to properly validate firmware updates, relying solely on the calculation of the MD5 hash of the firmware without utilizing a private-publ...

PT-2023-12093 · Amd · 1St Gen Amd Epyc™ Processors +110

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace,...