
166 matches found

Tenable Nessus
added 2024/06/03 12:00 a.m. | 25 views

RHEL 8 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: incomplete string comparison in the numpy.core component CVE-2021-34141 - numpy: buffer overflow i...

CVSS 5.5 | AI score 6.7 | EPSS 0.01561
Exploits: 4 | References: 4
Tenable Nessus
added 2024/05/11 12:00 a.m. | 30 views

RHEL 8 : numpy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code...

AI score 8.6 | EPSS 0.17078
Exploits: 3 | References: 2
OSV
added 2024/04/10 5:15 p.m. | 1 view

CVE-2024-3386

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00433
Exploits: 0 | References: 1
NVD
added 2024/04/10 5:15 p.m. | 25 views

CVE-2024-3386

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

CVSS 5.3 | AI score 5.2 | EPSS 0.00433
Exploits: 0 | References: 1
CVE
added 2024/04/10 5:06 p.m. | 86 views

CVE-2024-3386

CVE-2024-3386 : In Palo Alto Networks PAN-OS, an incorrect string comparison prevents Predefined Decryption Exclusions from functioning as intended, causing traffic destined for domains not listed in the exclusions to be unintentionally excluded from decryption. The vulnerability affects PAN-OS s...

CVSS 5.3 | AI score 6.7 | EPSS 0.00433
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/10 5:06 p.m. | 24 views

CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

CVSS 5.3 | AI score 5.5 | EPSS 0.00433
Exploits: 0 | References: 1
Palo Alto Networks
added 2024/04/10 4:00 p.m. | 20 views

PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

CVSS 5.3 | AI score 6.7 | EPSS 0.00433
Exploits: 0 | References: 1
Veracode
added 2024/02/23 1:28 p.m. | 16 views

Timing Attack

gradio is vulnerable to a timing attack. The vulnerability is due to string comparisons in Python terminating early upon encountering a mismatch. This allows an attacker to take advantage of the default lack of rate limiting to brute-force the correct username and password of an account...

CVSS 5.9 | AI score 7.1 | EPSS 0.00497
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2024/02/02 6:33 a.m. | 17 views

Path Traversal

io.github.pixee: java-security-toolkit is vulnerable to a partial path traversal bypass. The vulnerability is due to currentDirectory.getCanonicalPath returning a path that is not terminated by a trailing slash. As such, using startsWith to do string comparisons opens up a flaw allowing for...

CVSS 5.4 | AI score 6.6 | EPSS 0.00579
Exploits: 1 | References: 3 | Affected Software: 1
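The bypass described in this entry, as an added Python analogue (not the project's own Java code): the canonical base directory comes back without a trailing separator, so a plain string-prefix test accepts any sibling directory whose name merely begins with the base name. `posixpath.normpath` stands in for `getCanonicalPath`, and `BASE_DIR`, `resolve`, `is_within_vulnerable`, `is_within_fixed` and the sample paths are assumptions made for this example.

```python
"""Partial path traversal through a startswith prefix check, and the fix.

Python analogue of the java-security-toolkit flaw: the canonical base
directory carries no trailing separator, so a plain string prefix test
accepts sibling directories that merely share the prefix. Paths are
canonicalised lexically with posixpath.normpath so the checks run
without a filesystem; BASE_DIR and the requested paths are constructed
for this example.
"""
import posixpath

BASE_DIR = "/srv/app/uploads"  # constructed example root


def resolve(base: str, requested: str) -> str:
    """Lexical canonicalisation of base/requested.

    Collapses '.' and '..' and, per posixpath.join semantics, drops base
    entirely when `requested` is absolute. On a real filesystem use
    os.path.realpath instead so symlinks are resolved as well.
    """
    return posixpath.normpath(posixpath.join(base, requested))


def is_within_vulnerable(base: str, requested: str) -> bool:
    """Buggy check: normpath(base) has no trailing '/', so
    '/srv/app/uploads-private/keys.pem' passes the prefix test."""
    return resolve(base, requested).startswith(posixpath.normpath(base))


def is_within_fixed(base: str, requested: str) -> bool:
    """Fixed check: the target is the base itself or lies under
    base + '/'. The separator in the prefix turns a string-prefix test
    into a directory-containment test."""
    canon_base = posixpath.normpath(base)
    target = resolve(base, requested)
    return target == canon_base or target.startswith(canon_base + "/")


# (requested path, accepted by vulnerable check, accepted by fixed check)
CASES = [
    ("report.pdf", True, True),
    ("docs/../report.pdf", True, True),
    ("", True, True),                              # the base directory itself
    ("../../etc/passwd", False, False),            # classic traversal, both reject
    ("/etc/passwd", False, False),                 # absolute path, both reject
    ("../uploads-private/keys.pem", True, False),  # sibling-prefix bypass
]


def all_cases_behave_as_expected() -> bool:
    """Return True when every case matches the table above."""
    return all(
        is_within_vulnerable(BASE_DIR, req) is vuln
        and is_within_fixed(BASE_DIR, req) is fixed
        for req, vuln, fixed in CASES
    )


if __name__ == "__main__":
    for req, vuln, fixed in CASES:
        print(f"{req!r:32} vulnerable={is_within_vulnerable(BASE_DIR, req)!s:5} "
              f"fixed={is_within_fixed(BASE_DIR, req)}")
```

The same shape of fix applies in Java: compare against `canonicalBase + File.separator` (treating equality with the base as a separate allowed case), or work with `java.nio.file.Path` objects after `normalize()`, since `Path.startsWith(Path)` compares path components rather than characters. Whichever form is used, canonicalise on the real filesystem when symlinks are in play; the lexical check here only shows the prefix logic.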
Prion
added 2024/01/03 5:15 p.m. | 22 views

Design/Logic Flaw

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS...

CVSS 2.6 | AI score 6.9 | EPSS 0.00353
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/01/03 4:15 p.m. | 35 views

CVE-2023-46739 Timing attack can leak user passwords

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS...

CVSS 6.5 | AI score 6 | EPSS 0.00353
Exploits: 0 | References: 4
Github Security Blog
added 2024/01/03 4:13 p.m. | 28 views

CubeFS timing attack can leak user passwords

A vulnerability was found in the CubeFS master component that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the...

CVSS 6.5 | AI score 7 | EPSS 0.00353
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2023/12/22 12:00 a.m. | 4 views

yii2 security vulnerabilities

yii2 is a fast, secure and professional PHP framework. A security vulnerability exists in yii2-authclient versions prior to 2.2.15, which stems from a possible timing attack on string comparison...

CVSS 9.8 | AI score 6.7 | EPSS 0.00716
Exploits: 1 | References: 6
Github Security Blog
added 2023/12/18 8:01 p.m. | 26 views

yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation

Impact (what kind of vulnerability is it, and who is impacted?). Original report: the OAuth1/2 "state" and the OpenID Connect "nonce" are vulnerable to a timing attack, since they are compared via regular string comparison instead of Yii::$app->getSecurity()->compareString(). Affected code: 1. OAuth 1 "state"...

CVSS 9.8 | AI score 7 | EPSS 0.00716
Exploits: 1 | References: 7 | Affected Software: 1
BDU FSTEC
added 2023/11/27 12:00 a.m. | 5 views

A vulnerability in the UpdateAction method of the SolarWinds Orion software allows an attacker to execute arbitrary code with the privileges of the Network Service account.

The vulnerability in the UpdateAction method of the SolarWinds Orion Platform's network monitoring software stems from improper string comparison. Exploiting this vulnerability could allow a remote malicious actor to execute arbitrary code with the privileges of the Network Service...

CVSS 8.3 | AI score 7.7 | EPSS 0.05433
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/10/31 3:31 a.m. | 19 views

GHSA-4GPM-R23H-GPRW generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 | AI score 7.4 | EPSS 0.00593
Exploits: 0 | References: 6
Github Security Blog
added 2023/10/31 3:31 a.m. | 24 views

generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 | AI score 6.5 | EPSS 0.00593
Exploits: 0 | References: 6 | Affected Software: 1
Prion
added 2023/10/31 3:15 a.m. | 15 views

Design/Logic Flaw

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 5 | AI score 7 | EPSS 0.00593
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/10/31 12:00 a.m. | 9 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

AI score 7 | EPSS 0.00593
Exploits: 0 | References: 4
Cvelist
added 2023/10/31 12:00 a.m. | 22 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

AI score 7.5 | EPSS 0.00593
Exploits: 0 | References: 4
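The timing-attack entries above (gradio's login check, the OAuth state and OpenID Connect nonce comparison in yii2-authclient, the CubeFS master password check, and generator-jhipster's validateToken) share one mechanism: a comparison that returns at the first differing character takes longer the more of the secret the attacker has already guessed correctly, so a token can be recovered one character at a time instead of by guessing it whole. The following added example is not code from any of those projects. It models the leak and runs the character-at-a-time recovery the advisories describe against both the early-exit comparison and a constant-time one; `leaky_equals`, `recover_secret`, the two oracle helpers, the alphabet and the sample secret are assumptions made for this example.

```python
"""Early-exit string comparison as a timing side channel, and its fix.

Wall-clock timing is noisy, so the leaky comparison below reports how
many characters it examined before returning: that count is what an
attacker estimates from many response-time samples, and using it
directly makes the character-at-a-time recovery deterministic. The
secret, alphabet and oracle functions are constructed for this example.
"""
import hmac
import string
from typing import Callable, Optional, Tuple

ALPHABET = string.ascii_lowercase + string.digits
Oracle = Callable[[str], Tuple[bool, int]]


def leaky_equals(candidate: str, secret: str) -> Tuple[bool, int]:
    """Early-exit comparison: returns (equal, chars_examined).

    Work grows with the length of the correctly guessed prefix, which is
    the side channel the advisories describe.
    """
    if len(candidate) != len(secret):
        return False, 0
    examined = 0
    for a, b in zip(candidate, secret):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_equals(candidate: str, secret: str) -> bool:
    """Fix: hmac.compare_digest examines every byte regardless of where
    the first mismatch is, so response time no longer depends on how
    much of the secret was guessed correctly."""
    return hmac.compare_digest(candidate.encode(), secret.encode())


def leaky_oracle(secret: str) -> Oracle:
    """Stand-in for a server that uses the early-exit comparison."""
    return lambda guess: leaky_equals(guess, secret)


def constant_time_oracle(secret: str) -> Oracle:
    """Stand-in for a server using compare_digest: the same work for
    every guess of the right length, so only accept/reject leaks."""
    return lambda guess: (constant_time_equals(guess, secret), len(secret))


def recover_secret(secret_len: int, oracle: Oracle) -> Optional[str]:
    """Recover a secret one character at a time from a leak oracle.

    oracle(guess) returns (accepted, work), modelling (HTTP 200 vs 401,
    measured response time). At each position every alphabet symbol is
    tried and the one that makes the server do the most work is kept;
    the final character is confirmed by acceptance. This costs at most
    len(ALPHABET) * secret_len queries instead of len(ALPHABET) **
    secret_len. Returns None when the oracle gives no usable signal.
    """
    recovered = ""
    for pos in range(secret_len):
        best_char, best_work = ALPHABET[0], -1
        for ch in ALPHABET:
            guess = recovered + ch + ALPHABET[0] * (secret_len - pos - 1)
            accepted, work = oracle(guess)
            if accepted:
                return guess
            if work > best_work:
                best_char, best_work = ch, work
        recovered += best_char
    return None


if __name__ == "__main__":
    secret = "q7m2x9ka"  # constructed token
    print("early-exit server :", recover_secret(len(secret), leaky_oracle(secret)))
    print("constant-time     :", recover_secret(len(secret), constant_time_oracle(secret)))
```

Against the early-exit oracle the recovery needs at most 36 queries per position and returns the token; against the constant-time oracle every guess costs the same, the per-position search has nothing to rank, and the attacker is back to the accept/reject bit only. The counter is a model of the leak, not a measurement: on a real service the per-character difference is nanoseconds, and the advisories' point is that without rate limiting an attacker can take enough samples to average the network jitter away.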