164 matches found
CVE-2023-34358
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...
SolarWinds Orion Platform UpdateActionsProperties Incorrect Comparison Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateActionsProperties method. The issue results from an incorrect string...
SUSE CVE-2010-3072
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request...
Improper String Comparison
erik-dubbelboer/php-redis-admin is vulnerable to improper string comparison. Improper use of operator in string comparison in authHttpDigest function of the file includes/login.inc.php allows an attacker to cause a magic hash attack via the response parameter...
CVE-2021-4259
A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 i...
Sql injection
A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 i...
phpRedisAdmin Security Vulnerability
phpRedisAdmin is a web administration page for managing Redis for individual developers. A security vulnerability exists in phpRedisAdmin 1.17.3 and earlier, which stems from an issue with the authHttpDigest function in the file includes/login.inc.php, where manipulation of the parameter response...
PT-2022-11628 · Unknown · Phpredisadmin
Name of the Vulnerable Software and Affected Versions: phpRedisAdmin versions up to 1.17.3. Description: A vulnerability...
CVE-2021-4259 phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison
A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 i...
USN-5763-1: NumPy vulnerabilities
It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running a malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-33430 It was discovered that NumPy di...
USN-5763-1 numpy vulnerabilities
It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running a malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-33430 It was discovered that NumPy di...
Ubuntu 20.04 LTS / 22.04 LTS : NumPy vulnerabilities (USN-5763-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5763-1 advisory. It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running...
CLSA-2022-1669242003 Fix CVE(s): CVE-2022-45063
SECURITY UPDATE: possible RCE when using OSC 50 sequence - debian/patches/CVE-2022-45063.patch: Improve error recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly. -...
DNSSECImpl.verifySignature compares strings incorrectly, allowing malicious zones to forge DNSSEC trust chain
Lines of code Vulnerability details Impact DNSSEC allows parent zones to sign for its child zones. To check validity of a signature, RFC4034 3.1.7 requires the Signer's Name in any RRSIG RDATA to contain the zone of covered RRset. This requirement is reasonable since any child zone should be...
UBUNTU-CVE-2021-41682
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0...
OESA-2022-1522 numpy security update
A fast multidimensional array facility for Python. Security Fixes: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort...
Incorrect Comparison in cvxopt
Incomplete string comparison vulnerability exists in cvxopt.org cvxopt = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...
GHSA-8RH6-H94M-VJ54 Incorrect Comparison in cvxopt
Incomplete string comparison vulnerability exists in cvxopt.org cvxopt = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
...