14 matches found

AlpineLinux
added 2026/05/20 5:45 a.m. | 7 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass...

CVSS 8.1 | AI score 5.8 | EPSS 0.0055
Exploits: 0 | References: 3

Debian CVE
added 2026/05/06 11:28 a.m. | 11 views

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use getname there. Switch it and ntfs_d_hash, while we are at it, to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

CVSS 7.5 | AI score 5.7 | EPSS 0.00441
Exploits: 0

CNNVD
added 2025/03/14 12:0 a.m. | 2 views

WordPress plugin CiyaShop Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 9.8 | AI score 9.1 | EPSS 0.00624
Exploits: 0 | References: 4

CNNVD
added 2024/05/17 12:0 a.m. | 10 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing null pointers in strcmp...

CVSS 5.5 | AI score 6.5 | EPSS 0.00226
Exploits: 0 | References: 10

OSV
added 2024/01/22 4:15 a.m. | 2 views

ALPINE-CVE-2024-23771

darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...

CVSS 9.8 | AI score 7 | EPSS 0.01055
Exploits: 0 | References: 1

CNNVD
added 2023/05/15 12:0 a.m. | 4 views

Virtuoso Open-Source Edition SQL Injection Vulnerability

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform from OpenLink Software open source. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.9, which...

CVSS 7.5 | AI score 7.2 | EPSS 0.00905
Exploits: 1 | References: 3

Huntr
added 2023/02/21 9:57 p.m. | 31 views

Observable Timing Discrepancy in Login Portal

Description: An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the timing on a valid account is significantly higher than that of an invalid user account. This is likely due to the use of Bcrypt's compare function being utilized by...

CVSS 5 | AI score 5.5 | EPSS 0.00639
Exploits: 1 | References: 1

SUSE CVE
added 2023/02/15 5:47 a.m. | 3 views

SUSE CVE-2012-2122

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remo...

CVSS 5.1 | AI score 6.6 | EPSS 0.96188
Exploits: 9 | References: 7

SUSE CVE
added 2023/02/15 3:26 a.m. | 2 views

SUSE CVE-2022-27446

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h...

CVSS 7.1 | AI score 8.4 | EPSS 0.01492
Exploits: 1 | References: 11

Microsoft CVE
added 2022/04/22 7:0 a.m. | 2 views

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

...

CVSS 7.5 | AI score 7.8 | EPSS 0.02066
Exploits: 1

UbuntuCve
added 2019/07/05 1:15 a.m. | 29 views

CVE-2019-13312

blockcmp in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read...

CVSS 8.8 | AI score 7.2 | EPSS 0.01694
Exploits: 0 | References: 4

CNVD
added 2019/02/03 12:0 a.m. | 3 views

GNU C Library Local Denial of Service Vulnerability

The GNU C Library glibc is an open-source, free, easy-to-download C compiler released under the LGPL license. A local denial of service vulnerability exists in the memcmp function for the x32 architecture in GNU C Library 2.29 and earlier versions, which can be exploited by an attacker to cause a...

CVSS 5.5 | AI score 8.3 | EPSS 0.00607
Exploits: 1 | References: 1

exploitpack
added 2018/02/15 12:0 a.m. | 22 views

Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion

Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion / This is similar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call...

AI score 0.3
Exploits: 0

CNVD
added 2018/01/05 12:0 a.m. | 2 views

Logic Vulnerability in Inventron VT Designer

INVISION is a key high-tech enterprise under the National Torch Plan. Relying on power electronics, automatic control and information technology, INVISION's business covers industrial automation, new energy vehicles, network energy and rail transportation. A logic vulnerability exists in INVITRO ...

AI score 6.6
Exploits: 0 | References: 1