
19 matches found

NVD
added 2026/03/24 1:17 a.m., 1 view

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

CVSS: 7.5, EPSS: 0.00009
Exploits: 0, References: 3
OSV
added 2026/03/24 1:17 a.m., 1 view

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 5
ATTACKERKB
added 2026/03/24 12:8 a.m., 3 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/03/24 12:8 a.m., 3 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 5
Cvelist
added 2026/03/24 12:8 a.m., 21 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

CVSS: 7.4, EPSS: 0.00009
Exploits: 0, References: 3
Vulnrichment
added 2026/03/24 12:8 a.m., 0 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 3
CNNVD
added 2026/03/24 12:0 a.m., 5 views

bcrypt-ruby input validation error vulnerability

bcrypt-ruby is an open-source secure password hashing tool developed by bcrypt-ruby. Versions of bcrypt-ruby prior to 3.1.22 had a vulnerability related to input validation. This vulnerability stemmed from an integer overflow in the JRuby implementation, which led to zero iterations of the strengthening loop...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00009
Exploits: 0, References: 4
OSV
added 2026/03/19 5:54 p.m., 0 views

GHSA-F27W-VCWJ-C954 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact: An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby (BCrypt.java) computes the key-strengthening round count as a...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 6
Github Security Blog
added 2026/03/19 5:54 p.m., 5 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact: An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby (BCrypt.java) computes the key-strengthening round count as a...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 6, Affected Software: 1
RubySec
added 2026/03/19 12:0 a.m., 6 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact: An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby (BCrypt.java) computes the key-strengthening round count as a...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-26246

Name of the Vulnerable Software and Affected Versions: bcrypt-ruby versions prior to 3.1.22. Description: The bcrypt-ruby gem, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, contains a flaw in its Java BCrypt implementation for JRuby. Specifically, an integer overflow in the...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 12
OpenVAS
added 2025/11/10 12:0 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2025:20921-1)

The remote host is missing an update for the...

CVSS: 5.1, AI score: 5.9, EPSS: 0.00033
Exploits: 0, References: 5
OSV
added 2025/10/15 12:1 p.m., 0 views

OPENSUSE-SU-2025:20013-1 Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for...

CVSS: 5.1, AI score: 5.9, EPSS: 0.00033
Exploits: 0, References: 2
SUSE Linux
added 2025/10/15 12:1 p.m., 3 views

Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for th...

CVSS: 5.8, AI score: 6.8, EPSS: 0.00033
Exploits: 0, References: 4
OSV
added 2025/10/15 12:0 p.m., 1 view

SUSE-SU-2025:20921-1 Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for...

CVSS: 5.1, AI score: 5.9, EPSS: 0.00033
Exploits: 0, References: 3
Patchstack
added 2024/10/10 12:0 a.m., 7 views

WordPress FULL Customer Plugin <= 3.1.22 is vulnerable to Cross Site Scripting (XSS)

Software: FULL Customer; Type: Plugin; Vulnerable versions: <= 3.1.22; Fixed in: 3.1.23; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9211; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 199342483259; Credits: vgo0; Required...

CVSS: 6.1, AI score: 5.6, EPSS: 0.01902
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/04/22 8:15 p.m., 0 views

CVE-2021-0265

An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the...

CVSS: 8.1, AI score: 7.4
Exploits: 0, References: 1
RedHat Linux
added 2014/03/12 6:18 p.m., 2 views

gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

CVSS: 5.8, AI score: 5.8, EPSS: 0.04785
Exploits: 1, References: 4
Tenable Nessus
added 2012/12/20 12:0 a.m., 39 views

Squid 2.x / 3.x < 3.1.22 / 3.2.4 / 3.3.0.2 cachemgr.cgi DoS

According to its banner, the version of Squid running on the remote host is 2.x or 3.x prior to 3.1.22 / 3.2.4 / 3.3.0.2. The included 'cachemgr.cgi' tool reportedly lacks input validation, which could be abused by any client able to access that tool to perform a denial of service attack on the...

CVSS: 5, AI score: 7.5, EPSS: 0.33163
Exploits: 1, References: 2