146 matches found
CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
GHSA-7852-W36X-6MF6 Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the...
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the...
GHSA-6WJW-QF87-FV5V Laravel Encrypter Failure to decryption vulnerability
A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lea...
PT-2024-40153 · Laravel · Laravel Encrypter
Name of the Vulnerable Software and Affected Versions: Laravel Encrypter affected versions not specified Description: The issue affects the Laravel Encrypter component, potentially causing decryption failure and returning false. An attacker can exploit this by manipulating the encrypted payload...
PT-2024-40136 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel affected versions not specified Description: The issue concerns a potential exploit of the Laravel Encrypter component. This exploit may cause the Encrypter to fail during decryption and unexpectedly return false. To exploit this, an...
CLSA-2023-1699468875 Fix CVE(s): CVE-2022-48560
SECURITY UPDATE: posible crash in heapq with custom comparison operators - debian/patches/CVE-2022-48560.patch: disallow releasing heap items during a comparison callback - CVE-2022-48560...
Stack Overflow
ChakraCore is vulnerable to stack buffer overflow. The vulnerability is due to the Collator object, which can result in a stack overflow during string comparisons resulting in an application crash...
Comparing Ether values using equality operators (== or !=) can be very hard to match each other . This will always reverts
Lines of code Vulnerability details Impact Comparing Ether values using equality operators can be very hard to match each other because Ether values are stored in a 256-bit unsigned integer uint256 in Solidity. This means that there are a very large number of possible Ether values, and it is very...
WordPress Plugin Wordable 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
SUSE CVE-2007-5268
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use 1 logical instead of bitwise operations and 2 incorrect comparisons, which might allow remote attackers to cause a denial of service crash via a crafted PNG image...
SUSE CVE-2014-8684
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...
SUSE CVE-2015-0286
The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service invalid read operation and application crash...
wildfly-elytron: possible timing attacks via use of unsafe comparator
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...
Vim 安全漏洞
Vim is a cross-platform text editor. A security vulnerability exists in Vim versions prior to 9.0.0804, which stems from the comparison of floating point operators with error operators...
CLSA-2022-1669238963 xterm: Fix of CVE-2022-45063
CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...
The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library allows a hacker to initiate data copying.
The vulnerability of the convertfromstr function in the numpy.core module of the NumPy library for Python is related to incorrect string comparisons. Exploiting this vulnerability could allow a malicious actor to initiate data copying through specially created objects...