CVE-2026-23364

CVE-2026-23364 concerns the Linux kernel’s ksmbd path, where MAC comparisons were not performed in constant time. The underlying issue is a timing-attack-prone memcmp() usage; the recommended fix is to replace memcmp() with crypto_memneq() to ensure constant-time comparisons. The vulnerability is...

Admin Express 安全漏洞

Admin Express is a database management tool developed by Admin Express Corporation. Version 1.2.5 of Admin Express contains a security vulnerability. This vulnerability stems from a denial-of-service attack, and it could allow local attackers to cause the application to crash by submitting...

CVE-2025-63656

An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...

EUVD-2022-5763

Malicious code in bioql PyPI...

CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2022-29183

GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...

glibc qsort() Out-Of-Bounds Read / Write Exploit

Qualys discovered a memory corruption in the glibc's qsort function, due to a missing bounds check. To be vulnerable, a program must call qsort with a nontransitive comparison function a function cmpint a, int b that returns a - b, for example and with a large number of attacker-controlled elemen...

glibc qsort() Out-Of-Bounds Read / Write

Qualys Security Advisory For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort ======================================================================== Contents ========================================================================...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a core memory corruption during a system call to the Sectools Fuse comparison function...

CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

mariadb: assertion failure in sql/item_cmpfunc.cc

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemcmpfunc.cc, affecting availability...

mariadb: assertion failure in sql/item_cmpfunc.cc

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemcmpfunc.cc, affecting availability...

CVE-2022-24912 Timing Attack

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

mariadb: assertion failure in sql/item_cmpfunc.cc

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemcmpfunc.cc, affecting availability...

CVE-2022-29183 Reflected XSS in GoCD

GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...

ALPINE-CVE-2022-27452

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.cc...

Design/Logic Flaw

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

Design/Logic Flaw

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...

CVE-2020-2102

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...