Lucene search
K

146 matches found

Cvelist
Cvelist
added 2024/12/04 9:6 p.m.36 views

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS0.00379EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/12/04 9:6 p.m.25 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS4.9AI score0.00379EPSS
Exploits0
Cvelist
Cvelist
added 2024/12/02 2:32 p.m.51 views

CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS0.00385EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/13 2:54 p.m.4 views

golang-fips: Golang FIPS zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References5
OSV
OSV
added 2024/05/15 10:8 p.m.10 views

GHSA-7852-W36X-6MF6 Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior

The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the...

7.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/15 10:8 p.m.12 views

Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior

The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the...

7.1AI score
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/15 10:1 p.m.7 views

GHSA-6WJW-QF87-FV5V Laravel Encrypter Failure to decryption vulnerability

A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lea...

7.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.4 views

PT-2024-40153 · Laravel · Laravel Encrypter

Name of the Vulnerable Software and Affected Versions: Laravel Encrypter affected versions not specified Description: The issue affects the Laravel Encrypter component, potentially causing decryption failure and returning false. An attacker can exploit this by manipulating the encrypted payload...

7.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.10 views

PT-2024-40136 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel affected versions not specified Description: The issue concerns a potential exploit of the Laravel Encrypter component. This exploit may cause the Encrypter to fail during decryption and unexpectedly return false. To exploit this, an...

6.7AI score
Exploits0References6
OSV
OSV
added 2023/11/08 6:41 p.m.6 views

CLSA-2023-1699468875 Fix CVE(s): CVE-2022-48560

SECURITY UPDATE: posible crash in heapq with custom comparison operators - debian/patches/CVE-2022-48560.patch: disallow releasing heap items during a comparison callback - CVE-2022-48560...

7.5CVSS6.9AI score0.0177EPSS
Exploits1References1
Veracode
Veracode
added 2023/07/24 6:14 a.m.22 views

Stack Overflow

ChakraCore is vulnerable to stack buffer overflow. The vulnerability is due to the Collator object, which can result in a stack overflow during string comparisons resulting in an application crash...

5.5CVSS7.2AI score0.00786EPSS
Exploits1References1Affected Software1
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.7 views

Comparing Ether values using equality operators (== or !=) can be very hard to match each other . This will always reverts

Lines of code Vulnerability details Impact Comparing Ether values using equality operators can be very hard to match each other because Ether values are stored in a 256-bit unsigned integer uint256 in Solidity. This means that there are a very large number of possible Ether values, and it is very...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.8 views

WordPress Plugin Wordable 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS8.3AI score0.01543EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-5268

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use 1 logical instead of bitwise operations and 2 incorrect comparisons, which might allow remote attackers to cause a denial of service crash via a crafted PNG image...

4.3CVSS6.8AI score0.03092EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.5 views

SUSE CVE-2014-8684

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...

9.8CVSS7.4AI score0.71515EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.2 views

SUSE CVE-2015-0286

The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service invalid read operation and application crash...

5CVSS8.2AI score0.20706EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2023/01/31 1:12 p.m.6 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.8AI score0.00584EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.5 views

Vim 安全漏洞

Vim is a cross-platform text editor. A security vulnerability exists in Vim versions prior to 9.0.0804, which stems from the comparison of floating point operators with error operators...

6.8CVSS6.7AI score0.00463EPSS
Exploits1References8
OSV
OSV
added 2022/11/23 9:29 p.m.11 views

CLSA-2022-1669238963 xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

9.8CVSS7.2AI score0.04949EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/11/14 12:0 a.m.7 views

The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library allows a hacker to initiate data copying.

The vulnerability of the convertfromstr function in the numpy.core module of the NumPy library for Python is related to incorrect string comparisons. Exploiting this vulnerability could allow a malicious actor to initiate data copying through specially created objects...

5.3CVSS6.6AI score0.01561EPSS
Exploits1References5Affected Software3
Rows per page
Query Builder