
164 matches found

OSV
added 2025/03/28 3:15 a.m. · 2 views

DEBIAN-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 · AI score 7.3 · EPSS 0.00294
Exploits 0 · References 1
CVE
added 2025/03/28 2:5 a.m. · 68 views

CVE-2024-13939

The connected Astra Linux bulletin cites a timing-attack vulnerability in the Mojolicious Perl component (secure_compare) and notes only versions after 1.74 are affected, aligning with CVE-2024-13939’s class of timing leaks. Fedora/Nessus entries confirm CVE-2024-13939 is addressed by updates to ...

CVSS 7.5 · AI score 6.6 · EPSS 0.00294
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2024/12/04 9:30 p.m. · 26 views

Spring LDAP data exposure vulnerability

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

CVSS 3.7 · AI score 3.8 · EPSS 0.00369
Exploits 0 · References 3 · Affected Software 1
SUSE CVE
added 2024/12/03 12:15 a.m. · 2 views

SUSE CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

CVSS 7.5 · AI score 6.6 · EPSS 0.00751
Exploits 1 · References 4
Github Security Blog
added 2024/12/02 6:34 p.m. · 20 views

PyJWT Issuer field partial matches allowed

Summary The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...

CVSS 7.5 · AI score 7 · EPSS 0.00751
Exploits 1 · References 5 · Affected Software 1
RedhatCVE
added 2024/12/02 5:51 p.m. · 6 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

CVSS 2.2 · AI score 6.6 · EPSS 0.00751
Exploits 1 · References 6
NVD
added 2024/11/29 7:15 p.m. · 9 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

CVSS 7.5 · EPSS 0.00751
Exploits 1 · References 3
Positive Technologies
added 2024/11/29 12:0 a.m. · 2 views

PT-2024-35959

Name of the Vulnerable Software and Affected Versions: pyjwt versions 2.10.0 through 2.10.0 Description: An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0, where the "iss" claim checking changed from...

CVSS 7.5 · AI score 7 · EPSS 0.00751
Exploits 1 · References 16
Tenable Nessus
added 2024/11/01 12:0 a.m. · 16 views

NumPy < 1.22.0 Vulnerability - CVE-2021-34141

The version of NumPy installed on the remote host is prior to 1.22.0. It is, therefore, affected by an incomplete string comparison vulnerability in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE...

CVSS 5.3 · AI score 6.7 · EPSS 0.01561
Exploits 1 · References 3
OSV
added 2024/07/08 2:15 p.m. · 1 views

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

CVSS 9.8 · AI score 5.8 · EPSS 0.00763
Exploits 0 · References 2
NVD
added 2024/07/08 2:15 p.m. · 22 views

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

CVSS 9.8 · EPSS 0.00763
Exploits 0 · References 2
NVD
added 2024/07/08 2:15 p.m. · 28 views

CVE-2024-39743

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172...

CVSS 7.5 · EPSS 0.00587
Exploits 0 · References 2
Vulnrichment
added 2024/07/08 1:16 p.m. · 26 views

CVE-2024-39742 IBM MQ Container authentication bypass

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

CVSS 8.1 · AI score 6.6 · EPSS 0.00763
Exploits 0 · References 2
Cvelist
added 2024/07/08 1:14 p.m. · 26 views

CVE-2024-39743 IBM MQ Container denial of service

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172...

CVSS 5.9 · EPSS 0.00587
Exploits 0 · References 2
Vulnrichment
added 2024/07/08 1:14 p.m. · 26 views

CVE-2024-39743 IBM MQ Container denial of service

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172...

CVSS 5.9 · AI score 5.9 · EPSS 0.00587
Exploits 0 · References 2
Positive Technologies
added 2024/07/08 12:0 a.m. · 2 views

PT-2024-28656 · Ibm · Ibm Mq Operator

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 Description: The issue allows a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Recommendations: For IBM MQ Operator version 2.0.24,...

CVSS 9.8 · AI score 6.7 · EPSS 0.00763
Exploits 0 · References 9
Positive Technologies
added 2024/07/08 12:0 a.m. · 2 views

PT-2024-28657 · Ibm · Ibm Mq Container Developer Edition +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 IBM MQ Container Developer Edition affected versions not specified Description: The issue is caused by incorrect memory de-allocation, leading to a denial of service. A remote attacker could explo...

CVSS 7.5 · AI score 6.5 · EPSS 0.00587
Exploits 0 · References 7
CNNVD
added 2024/07/08 12:0 a.m. · 1 views

IBM MQ Operator Security Vulnerability

IBM MQ Operator is a tool from International Business Machines (IBM) for managing the lifecycle of IBM MQ Queue Manager. A security vulnerability exists in IBM MQ Operator version 3.2.2, version 2.0.24, which originates from allowing users to cause a denial of service due to a partial string...

CVSS 7.5 · AI score 6.2 · EPSS 0.00587
Exploits 0 · References 3
Tenable Nessus
added 2024/06/03 12:0 a.m. · 24 views

RHEL 8 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: incomplete string comparison in the numpy.core component CVE-2021-34141 - numpy: buffer overflow i...

CVSS 5.5 · AI score 6.7 · EPSS 0.01561
Exploits 4 · References 4
Tenable Nessus
added 2024/05/11 12:0 a.m. · 30 views

RHEL 8 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code...

AI score 8.6 · EPSS 0.17078
Exploits 3 · References 2