6599 matches found

Microsoft CVE
added 2024/10/23 7:0 a.m. · 4 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVSS 4.9 · AI score 6.6 · EPSS 0.00904
Exploits: 0

OSV
added 2024/10/16 12:32 p.m. · 12 views

MAL-2024-9511 Malicious code in auth-oauth-device (npm)

AI score 7.1
Exploits: 0

OSSF Malicious Packages
added 2024/10/16 12:32 p.m. · 5 views

Malicious code in auth-oauth-device (npm)

AI score 7
Exploits: 0

Positive Technologies
added 2024/10/12 12:0 a.m. · 6 views

PT-2024-14501 · Unknown · Freescout End-User Portal

Name of the Vulnerable Software and Affected Versions: FreeScout End-User Portal module versions prior to 1.0.65 Description: The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint. Recommendations: For versions prior to 1.0.6...

CVSS 9.1 · AI score 7 · EPSS 0.00609
Exploits: 1 · References: 8

Tenable Nessus
added 2024/10/09 12:0 a.m. · 26 views

CentOS 6 : chromium-browser (RHSA-2020:3377)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3377 advisory. - Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via ...

CVSS 9.6 · AI score 8.5 · EPSS 0.22868
Exploits: 13 · References: 33

NVD
added 2024/10/07 7:15 p.m. · 18 views

CVE-2024-47556

Pre-Auth RCE via Path Traversal...

CVSS 9.8 · EPSS 0.00504
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/07 6:17 p.m. · 23 views

CVE-2024-47557 Pre-Auth RCE via Path Traversal

Pre-Auth RCE via Path Traversal...

CVSS 8.3 · AI score 7 · EPSS 0.00504
Exploits: 0 · References: 1

CVE
added 2024/10/07 6:17 p.m. · 56 views

CVE-2024-47557

CVE-2024-47557 affects Xerox FreeFlow Core. The root cause is a path traversal flaw that enables pre-auth remote code execution. PT-2024-32656 corroborates a pre-auth RCE via path traversal but provides no specific affected versions or fix information. Exploitation details are not provided in th...

CVSS 9.8 · AI score 8.3 · EPSS 0.00504
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/07 6:14 p.m. · 18 views

CVE-2024-47556 Pre-Auth RCE via Path Traversal

Pre-Auth RCE via Path Traversal...

CVSS 8.3 · AI score 7 · EPSS 0.00504
Exploits: 0 · References: 1

Cvelist
added 2024/10/07 6:14 p.m. · 24 views

CVE-2024-47556 Pre-Auth RCE via Path Traversal

Pre-Auth RCE via Path Traversal...

CVSS 8.3 · EPSS 0.00504
Exploits: 0 · References: 1

CVE
added 2024/10/07 6:14 p.m. · 48 views

CVE-2024-47556

CVE-2024-47556 relates to Xerox FreeFlow Core and is described as a Pre-Auth RCE via Path Traversal. The provided documents indicate: affected product is Xerox FreeFlow Core (vague on specific versions) and the underlying issue is a path traversal condition enabling pre-auth remote code execution...

CVSS 9.8 · AI score 8.3 · EPSS 0.00504
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2024/10/01 3:37 a.m. · 8 views

Timing Attack

basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...

CVSS 8.7 · AI score 6.2 · EPSS 0.00504
Exploits: 1 · References: 3 · Affected Software: 1

RedhatCVE
added 2024/09/30 7:16 p.m. · 16 views

CVE-2024-47178

A flaw was found in the basic-auth-connect package. Affected versions use a timing-unsafe equality comparison that can potentially leak timing information. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

CVSS 7.5 · AI score 6.2 · EPSS 0.00504
Exploits: 1 · References: 5

Github Security Blog
added 2024/09/30 5:48 p.m. · 21 views

basic-auth-connect's callback uses time unsafe string comparison

Impact: basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. Patches: This issue has been fixed in basic-auth-connect 1.1.0. References...

CVSS 8.7 · AI score 6.8 · EPSS 0.00504
Exploits: 1 · References: 4 · Affected Software: 1

vulnersOsv
added 2024/09/30 5:48 p.m. · 39 views

20231122-npm (=1.0.0), @3dr/potree (=1.6.0) +3220 more potentially affected by CVE-2024-47178 via basic-auth-connect (=1.0.0)

basic-auth-connect NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on basic-auth-connect and may be impacted: - 20231122-npm =1.0.0 - @3dr/potree =1.6.0 - @inlimbo/nativeui =0.0.1, =0.0.0, =0.20.0, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.0.1...

CVSS 8.7 · AI score 7.2 · EPSS 0.00504
Exploits: 1

NVD
added 2024/09/30 4:15 p.m. · 21 views

CVE-2024-47178

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...

CVSS 8.7 · EPSS 0.00504
Exploits: 1 · References: 2

CVE
added 2024/09/30 3:9 p.m. · 68 views

CVE-2024-47178

The CVE-2024-47178 issue affects basic-auth-connect (

CVSS 8.7 · AI score 5.1 · EPSS 0.00504
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/09/30 3:9 p.m. · 14 views

CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...

CVSS 8.7 · AI score 6.8 · EPSS 0.00504
Exploits: 1 · References: 2

Cvelist
added 2024/09/30 3:9 p.m. · 19 views

CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...

CVSS 8.7 · EPSS 0.00504
Exploits: 1 · References: 2

Positive Technologies
added 2024/09/30 12:0 a.m. · 7 views

PT-2024-32459 · Unknown · Basic-Auth-Connect

Name of the Vulnerable Software and Affected Versions: basic-auth-connect versions prior to 1.1.0 Description: The issue concerns a timing-unsafe equality comparison in basic-auth-connect that can leak timing information. This comparison can potentially allow an attacker to observe differences in...

CVSS 8.7 · AI score 8.7 · EPSS 0.00504
Exploits: 1 · References: 14