Lucene search
K

146 matches found

OSV
OSV
added 2022/10/25 11:23 a.m.3 views

USN-5698-1 openvswitch vulnerability

It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.1CVSS7.3AI score0.00529EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/14 12:0 a.m.4 views

GoCD 安全漏洞

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that stems from the use of regular string comparisons to validate tokens instead of the constant time algorithm, which can be exploited by an attacker to brute-force GoCD server API calls...

6.5CVSS6AI score0.00622EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/06 8:45 p.m.4 views

CVE-2022-36072 SilverwareGames.io used == for hashing instead of ===

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...

5.9CVSS5.7AI score0.0048EPSS
Exploits0References1
Veracode
Veracode
added 2022/07/23 1:42 a.m.32 views

Denial Of Service (DoS)

sqlite3 is vulnerable to Denial Of Service DoS. The vulnerability exists because the whereKeyStats routine is unable to cope with row-value comparisons against the primary key index of a WITHOUT ROWID table which allows an attacker to cause an application crash...

7.5CVSS7.4AI score0.19193EPSS
Exploits2References9Affected Software5
Github Security Blog
Github Security Blog
added 2022/04/12 7:42 p.m.16 views

Ecto missing `is_nil` requirement

Ecto will not raise on queries with non-explicit nil comparisons ie if they aren't checked with isnil...

9.8CVSS5.4AI score0.01279EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/04/12 7:42 p.m.15 views

GHSA-2XXX-FHC8-9QVQ Ecto missing `is_nil` requirement

Ecto will not raise on queries with non-explicit nil comparisons ie if they aren't checked with isnil...

9.8CVSS8.3AI score0.01279EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.3 views

PT-2022-8026 · Ecto · Ecto

Name of the Vulnerable Software and Affected Versions: Ecto version 2.2.0 Description: The issue is related to a lack of protection mechanism in the interaction between is nil and raise functions. Specifically, Ecto will not raise on queries with non-explicit nil comparisons, unless they are...

9.8CVSS7.1AI score0.01279EPSS
Exploits1References12
OSV
OSV
added 2022/03/01 3:9 p.m.7 views

USN-5310-1 glibc vulnerabilities

Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS7AI score0.05223EPSS
Exploits5References13
CNVD
CNVD
added 2021/12/21 12:0 a.m.30 views

Unspecified Vulnerability in NumPy (CNVD-2021-101680)

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...

5.3CVSS5.4AI score0.01561EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.6 views

NumPy 安全漏洞

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...

5.3CVSS5.7AI score0.01561EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.6 views

Cvxopt 安全漏洞

Cvxopt is a freeware package for convex optimization based on the Python programming language. cvxopt A security vulnerability exists in cvxop 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...

7.5CVSS7.3AI score0.01184EPSS
Exploits1References4
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.10 views

Trying to use timestamps with blocknumbers

Handle goatbug Vulnerability details Impact requirebondTimestamp + ONEDAY block.number; There are require statements comparing timestamps to blocknumbers. We cannot assume one block per second, this code would not work on different chains where block times radically differ. The effect is having...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.6 views

The vulnerability in the `parser_parse_statements` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.

The vulnerability of the parserparsestatements function in the js-parser-statm.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a service...

7.5CVSS7.2AI score0.01083EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.6 views

The vulnerability in the `parser_parse_function_statement` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.

The vulnerability of the parserparsefunctionstatement function in the js-parser-statm.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a...

7.5CVSS7.2AI score0.01149EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.8 views

The vulnerability of the Prosody Jabber/XMPP server lies in the simultaneous execution using a shared resource with incorrect synchronization, allowing an attacker to gain access to confidential data.

The vulnerability of the Prosody Jabber/XMPP server is related to the use of an algorithm with non-persistent execution time for comparing secret strings. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

5.9CVSS6.3AI score0.01601EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.4 views

hestiacp 安全漏洞

hestiacp is a lightweight and powerful control panel for the modern web. A security vulnerability exists in hestiacp that stems from hestiacp's tendency to use incorrect operators in string comparisons...

9.8CVSS6AI score0.01111EPSS
Exploits1References3
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.12 views

Arithmetic Error - manualRebalance function has multiple arithmetic bugs

Handle tabish Vulnerability details In short there are 2 errors in manualRebalance function : a ratio currentLockRatio has been compared to balance newLockRatio and at another point in the same function subtracted . 1 Expanding on the first one - checking newLockRatio Solution: Instead the if...

6.8AI score
Exploits0
OSV
OSV
added 2021/08/06 2:15 p.m.3 views

CVE-2021-37550

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used...

7.5CVSS5.8AI score0.01126EPSS
Exploits0References1
NVD
NVD
added 2021/08/06 2:15 p.m.27 views

CVE-2021-37550

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used...

7.5CVSS0.01126EPSS
Exploits0References1
Prion
Prion
added 2021/08/06 2:15 p.m.19 views

Design/Logic Flaw

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used...

5CVSS7.6AI score0.01126EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder