Lucene search

12 matches found

CVE
added 2024/06/06 6:54 p.m., 52 views

CVE-2024-5124

CVE-2024-5124 affects gaizhenbiao/chuanhuchatgpt (version 20240310) with a timing-attack in the password comparison logic that uses the Python '=' operator. An attacker could infer correct passwords by measuring per-character comparison timing, potentially exposing credentials. The root cause is ...

CVSS 7.5, AI score 7.5, EPSS 0.46131
Exploits 1, References 2, Affected Software 1

Code423n4
added 2023/07/05 12:0 a.m., 12 views

Incorrect usage of Comparison Operator (==) instead of Assignment Operator (=) in PartnerManagerFactory

Lines of code Vulnerability details Impact The incorrect usage of comparison operator instead of an assignment operator in addPartner and addVault functions could lead to undesirable behaviour. While the mapping partnerIds and vaultIds are supposed to keep track of the IDs, due to the error, thes...

AI score 6.9
Exploits 0

Prion
added 2022/09/06 9:15 p.m., 14 views

Code injection

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...

CVSS 2.6, AI score 5.7, EPSS 0.00244
Exploits 0, References 1, Affected Software 1

Huntr
added 2021/10/05 9:3 a.m., 13 views

in erikdubbelboer/phpredisadmin

Description: $response is a salted md5 hash generated based on the concatenated hashes of credentials with other parameters. It has been discovered that $response is compared with $data['response'] using the comparison operator != in file login.inc.php. This might cause unexpected behavior due to type...

AI score 0.6
Exploits 0, References 1

NVD
added 2021/09/15 1:15 p.m., 10 views

CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

CVSS 9.8, EPSS 0.00441
Exploits 1, References 2

CNVD
added 2020/07/01 12:0 a.m., 1 views

Virgo_ZodiacToken Logic Flaw Vulnerability

VirgoZodiacToken is an Ether-based digital currency. A security vulnerability exists in VirgoZodiacToken's smart contract implementation that stems from the program's use of '='. An attacker could use the vulnerability to transfer funds from an arbitrary address to a user's address...

AI score 7
Exploits 0, References 1

Tenable Nessus
added 2019/05/14 12:0 a.m., 244 views

EulerOS Virtualization 3.0.1.0 : sqlite (EulerOS-SA-2019-1425)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that SQLite's sqlite3VdbeExec function did not properly implement comparison operators. A local attacker could submi...

CVSS 7.5, AI score 6.5, EPSS 0.1384
Exploits 0, References 5

Tenable Nessus
added 2018/07/02 12:0 a.m., 23 views

Debian DLA-1408-1 : simplesamlphp security update

CVE-2017-12872 / CVE-2017-12868: The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret...

CVSS 9.8, AI score 7.4, EPSS 0.00764
Exploits 0, References 4

UbuntuCve
added 2017/09/01 9:29 p.m., 21 views

CVE-2017-12872

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...

CVSS 5.9, AI score 6.6, EPSS 0.00404
Exploits 0, References 2

Cvelist
added 2017/09/01 9:0 p.m., 15 views

CVE-2017-12872

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...

AI score 7.5, EPSS 0.00404
Exploits 0, References 3

Debian CVE
added 2015/04/24 5:0 p.m., 38 views

CVE-2015-3415

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by...

CVSS 7.5, AI score 8, EPSS 0.0794
Exploits 0

CVE
added 2012/08/12 4:0 p.m., 69 views

CVE-2012-2967

CVE-2012-2967 affects Caucho Quercus on Resin prior to 4.0.29, where the == operator is not implemented correctly for comparisons. This misimplementation enables context-dependent outcomes and may allow an attacker to influence behavior, with the CVE entry noting unspecified impact. Several conne...

CVSS 7.5, AI score 6.7, EPSS 0.01519
Exploits 0, References 4, Affected Software 1