CVE-2024-10026
MEDIUMDescription
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gvisor | |
| gvisor |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-10026? +
How severe is CVE-2024-10026? +
What products are affected by CVE-2024-10026? +
How do I check if I'm vulnerable to CVE-2024-10026? +
Related Vulnerabilities
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause …
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making …
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of …
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only …
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up …
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically …