GHSA-RM76-4MRF-V9R8 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

Summary Maliciously constructed prompts can lead to hash collisions, resulting in prefix cache reuse, which can interfere with subsequent responses and cause unintended behavior. Details vLLM's prefix caching makes use of Python's built-in hash function. As of Python 3.12, the behavior of hashNon...

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as it was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large...

SUSE SLED11 / SLES11 Security Update : mono-core (SUSE-SU-2016:0257-1)

mono-core was updated to fix the following vulnerabilities : - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation bsc958097 - CVE-2012-3543: Remote attackers could cause a denial of service throu...

Amazon Linux: Security Advisory (ALAS-2012-37)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2012-52)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-88-1 : ruby1.8 security update

This update fixes multiple local and remote denial of service and remote code execute problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900...

DLA-88-1 ruby1.8 - security update

Bulletin has no description...

Fedora 20 : jansson-2.6-1.fc20 (2014-3778)

Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an...

Amazon Linux AMI : php (ALAS-2012-37)

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...

Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)

IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to...

CentOS Update for mingw32-libxml2 CESA-2013:0217 centos6

Check for the Version of mingw32-libxml2 OpenVAS Vulnerability Test CentOS Update for mingw32-libxml2 CESA-2013:0217 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

mingw32 security update

CentOS Errata and Security Advisory CESA-2013:0217 Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages...

CentOS 6 : mingw32-libxml2 (CESA-2013:0217)

Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. T...

RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0217 advisory. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW...

Moderate: Red Hat Security Advisory: Fuse MQ Enterprise 7.1.0 update

Fuse MQ Enterprise 7.1.0, which fixes one security issue, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...

Moderate: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update

Fuse ESB Enterprise 7.1.0, which fixes two security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20120411)

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was found that the Java hashCode method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time b...

Scientific Linux Security Update : sblim-cim-client2 on SL6.x (20120620)

The SBLIM Standards-Based Linux Instrumentation for Manageability CIM Common Information Model Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF Distributed Management Task Force standards. It was...

CentOS Update for tomcat5 CESA-2012:0474 centos5

Check for the Version of tomcat5 OpenVAS Vulnerability Test CentOS Update for tomcat5 CESA-2012:0474 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CentOS Update for libxml2 CESA-2012:0324 centos6

Check for the Version of libxml2 OpenVAS Vulnerability Test CentOS Update for libxml2 CESA-2012:0324 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...