146 matches found
USN-5698-1 openvswitch vulnerability
It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
GoCD 安全漏洞
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that stems from the use of regular string comparisons to validate tokens instead of the constant time algorithm, which can be exploited by an attacker to brute-force GoCD server API calls...
CVE-2022-36072 SilverwareGames.io used == for hashing instead of ===
SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...
Denial Of Service (DoS)
sqlite3 is vulnerable to Denial Of Service DoS. The vulnerability exists because the whereKeyStats routine is unable to cope with row-value comparisons against the primary key index of a WITHOUT ROWID table which allows an attacker to cause an application crash...
Ecto missing `is_nil` requirement
Ecto will not raise on queries with non-explicit nil comparisons ie if they aren't checked with isnil...
GHSA-2XXX-FHC8-9QVQ Ecto missing `is_nil` requirement
Ecto will not raise on queries with non-explicit nil comparisons ie if they aren't checked with isnil...
PT-2022-8026 · Ecto · Ecto
Name of the Vulnerable Software and Affected Versions: Ecto version 2.2.0 Description: The issue is related to a lack of protection mechanism in the interaction between is nil and raise functions. Specifically, Ecto will not raise on queries with non-explicit nil comparisons, unless they are...
USN-5310-1 glibc vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS...
Unspecified Vulnerability in NumPy (CNVD-2021-101680)
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...
NumPy 安全漏洞
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...
Cvxopt 安全漏洞
Cvxopt is a freeware package for convex optimization based on the Python programming language. cvxopt A security vulnerability exists in cvxop 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...
Trying to use timestamps with blocknumbers
Handle goatbug Vulnerability details Impact requirebondTimestamp + ONEDAY block.number; There are require statements comparing timestamps to blocknumbers. We cannot assume one block per second, this code would not work on different chains where block times radically differ. The effect is having...
The vulnerability in the `parser_parse_statements` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.
The vulnerability of the parserparsestatements function in the js-parser-statm.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a service...
The vulnerability in the `parser_parse_function_statement` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.
The vulnerability of the parserparsefunctionstatement function in the js-parser-statm.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a...
The vulnerability of the Prosody Jabber/XMPP server lies in the simultaneous execution using a shared resource with incorrect synchronization, allowing an attacker to gain access to confidential data.
The vulnerability of the Prosody Jabber/XMPP server is related to the use of an algorithm with non-persistent execution time for comparing secret strings. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
hestiacp 安全漏洞
hestiacp is a lightweight and powerful control panel for the modern web. A security vulnerability exists in hestiacp that stems from hestiacp's tendency to use incorrect operators in string comparisons...
Arithmetic Error - manualRebalance function has multiple arithmetic bugs
Handle tabish Vulnerability details In short there are 2 errors in manualRebalance function : a ratio currentLockRatio has been compared to balance newLockRatio and at another point in the same function subtracted . 1 Expanding on the first one - checking newLockRatio Solution: Instead the if...
CVE-2021-37550
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used...
CVE-2021-37550
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used...
Design/Logic Flaw
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used...