23 matches found
CVE-2026-33753 Improper Certificate Validation in rfc3161-client
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
PT-2026-31325
Name of the Vulnerable Software and Affected Versions rfc3161-client versions prior to 1.0.6 Description An authorization bypass issue exists in rfc3161-client's signature verification. An attacker can impersonate a trusted TimeStamping Authority TSA by exploiting a flaw in how the library extrac...
HSEC-2023-0001 Hash flooding vulnerability in aeson
Hash flooding vulnerability in aeson aeson was vulnerable to hash flooding a.k.a. hash DoS. The issue is a consequence of the HashMap implementation from unordered-containers. It results in a denial of service through CPU consumption. This technique has been used in real-world attacks against a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: perf/core: The order of the PMU list needs to be adjusted to fix a warning regarding an unordered pmuctxlist. The Syskaller trigger a warning because prevepc-pmu does not equal nextepc-pmu in perfeventswaptaskctxdata. vmcore...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a PMU list ordering issue resulting in a warning about an unordered pmuctxlist...
Linux Distros Unpatched Vulnerability : CVE-2022-3433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the pinmux driver accessing desc-pinmux data in an unordered manner, which could lead to a NULL pointer...
CLSA-2024-1730479989 Fix CVE(s): CVE-2023-7347, CVE-2024-7347
SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...
CLSA-2024-1730478623 Fix CVE(s): CVE-2023-7347, CVE-2024-7347
SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...
The vulnerability of the JSON aeson analysis and encoding library, related to insufficient encryption strength, allows attackers to trigger a service denial.
The vulnerability of the JSONeson analysis and encoding library is related to the creation of a collision in the basic unordered-containers library, by sending specially created JSON data. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
ROS-20240815-12
The JSON aeson analysis and encoding library vulnerability is related to the creation of a hash collision in the unordered-containers base library by sending specially crafted JSON data. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial of service...
DEBIAN-CVE-2022-3433
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...
CVE-2022-3433
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...
UBUNTU-CVE-2022-3433
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...
PT-2022-7465
Name of the Vulnerable Software and Affected Versions aeson affected versions not specified Description The aeson library is not safe for consuming untrusted JSON input. A remote user could exploit this issue to produce a hash collision in the underlying unordered-containers library by sending...
GHSA-7MG7-M5C3-3HQJ Data races in unicycle
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
GHSA-686F-CH3R-XWMH Data races in unicycle
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
PYSEC-2021-569
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...
CVE-2020-36436
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab and Unordered do not have bounds on their Send and Sync traits...
RUSTSEC-2020-0116 PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...