PT-2026-45212
Name of the Vulnerable Software and Affected Versions: Sereal::Decoder versions prior to 5.005 Description: An issue exists where crafted input can lead to a heap out-of-bounds read. In the file Perl/Decoder/srl decoder.c, the functions srl read object and srl read hash process a COPY tag, which is...
SUSE CVE-2026-43044
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...
OPENSUSE-SU-2023:0225-1 Security update for perl-Cpanel-JSON-XS
This update for perl-Cpanel-JSON-XS fixes the following issues: perl-Cpanel-JSON-XS was updated to 4.36 see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes 4.36 2023-03-02 rurban - remove the SAVESTACKPOS noop. Merged from JSON-XS-3.02, removed there with 4.0. requested to remove with L 4.35...
Updated perl-Cpanel-JSON-XS packages fix security vulnerability
Fixes some bugs including a security vulnerability when decoding hash keys without ending ':'...
PT-2023-36337 · Mageia · Perl-Cpanel-Json-Xs
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A security issue exists when decoding hash keys without an ending colon :. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
SUSE CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method...
SUSE CVE-2015-3405
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not , which might allow remote attackers to obtain the value of generated MD5...
XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...
Possible XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...
PJSIP Resource Management Error Vulnerability
PJSIP is a free and open source multimedia communications library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP suffers from a Resource Management Error vulnerability that stems from the fact that in versions prior to 2.11.1, in a dialog...
PT-2022-2175 · Pjsip +3 · Pjsip +3
Name of the Vulnerable Software and Affected Versions: PJSIP versions up to and including 2.11.1 Description: The issue is related to the use of memory after it has been freed, potentially causing undefined behavior such as dialog list collision, which can lead to an endless loop. This occurs in ...
Information disclosure
W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys...
Code injection
W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes...
CVE-2012-6079
W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys...
UBUNTU-CVE-2018-11743
The initcopy function in kernel.c in mruby 1.4.1 makes initializecopy calls for TTICLASS objects, which allows attackers to cause a denial of service (mrbhashkeys uninitialized pointer and application crash) or possibly have unspecified other impact...
ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server...
USN-2449-1 ntp vulnerabilities
Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. CVE-2014-9293 Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker...
ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...
Medium: perl
Issue Overview: A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the...
perl: DoS in rehashing code
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key...