Lucene search
K

133 matches found

Veracode
Veracode
added 2024/10/01 3:37 a.m.8 views

Timing Attack

basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...

8.7CVSS6.2AI score0.00504EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/09/30 3:9 p.m.70 views

CVE-2024-47178

The CVE-2024-47178 issue affects basic-auth-connect (

8.7CVSS5.1AI score0.00504EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/30 3:9 p.m.14 views

CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...

8.7CVSS7.7AI score0.00504EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2024/09/19 3:10 a.m.5 views

SUSE CVE-2024-46738

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmciresourceremove When removing a resource from vmciresourcetable in vmciresourceremove, the search is performed using the resource handle by comparing context and resource...

6.7CVSS6.5AI score0.00276EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.43 views

RHEL 5 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

9.8CVSS8.4AI score0.73927EPSS
Exploits12References20
OSV
OSV
added 2024/03/06 10:52 a.m.27 views

BIT-DRUPAL-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8.1CVSS7.8AI score0.01239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.6 views

PT-2023-31477 · Testlink · Testlink

Name of the Vulnerable Software and Affected Versions: TestLink versions 1.9.20 and earlier Description: The issue allows type juggling for authentication bypass because the === operator is not used. This can lead to unauthorized access. Recommendations: For versions 1.9.20 and earlier, consider...

7.5CVSS7.5AI score0.00651EPSS
Exploits1References8
hivepro
hivepro
added 2023/10/17 2:9 p.m.11 views

Storm-0978 unleashes PEAPOD to target Women Political Leaders

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Storm-0978, a threat actor group, utilized a new variant of the RomCom backdoor, "ROMCOM 4.0" also referred to as PEAPOD, to target attendees of the Women Political Leaders WPL Summit in Brussels. This...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/13 2:31 p.m.60 views

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the nam...

7.5CVSS8.2AI score0.99083EPSS
Exploits3
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.9 views

The utilization of strict equality within the subtractLoss function is susceptible to straightforward manipulation by a potential attacker.

Lines of code Vulnerability details Impact If this equality condition is intentionally disrupted, it will result in the failure of all settlement processes carried out using the settle function. Proof of Concept Tools Used Manual review Recommended Mitigation Steps - collateral.balanceOfaddressth...

7.1AI score
Exploits0
Prion
Prion
added 2023/08/16 9:15 p.m.14 views

Cross site request forgery (csrf)

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

2.6CVSS5.4AI score0.00646EPSS
Exploits1References4Affected Software1
RustSec
RustSec
added 2023/03/24 12:0 p.m.48 views

`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses

An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...

7.5CVSS6.7AI score0.00556EPSS
Exploits0Affected Software1
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.7 views

Owner is able to mint 1 token more than 1000 prelaunch tokens due to wrong equality check

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Owner is able to mint 1 token more than 1000 prelaunch tokens due to wrong check here Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1194

The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.8CVSS7AI score0.01176EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.3 views

SUSE CVE-2016-5423

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service NULL pointer dereference and server crash, obtain sensitive memory information, or possibly execute arbitrary code via 1 a...

8.3CVSS9.7AI score0.05962EPSS
Exploits0References12
Rapid7 Blog
Rapid7 Blog
added 2023/02/07 7:40 p.m.46 views

Rapid7 Recognized on Bloomberg Gender Equality Index, Continues Commitments to Support DEI

For the fifth year in a row, Rapid7 is pleased to share that we've been included in the Bloomberg Gender Equality Index. The Gender Equality Index GEI recognizes publicly traded companies for being transparent in their commitment to gender equality. This includes how they score in areas such as...

7AI score
Exploits0
OSV
OSV
added 2022/09/06 8:45 p.m.4 views

CVE-2022-36072 SilverwareGames.io used == for hashing instead of ===

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...

5.9CVSS6.8AI score0.00463EPSS
Exploits0References3
OSV
OSV
added 2022/09/06 11:58 a.m.1 views

SUSE-SU-2022:15034-1 Security update for ruby

This update for ruby fixes the following issues: - CVE-2018-16395: Fixed an issue where two x509 certificates could be considered to be equal when this was not the case bsc1112530. - CVE-2021-32066: Fixed an issue where the IMAP client API would not report a failure when StartTLS failed, leading ...

9.8CVSS7AI score0.10715EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2022/08/09 12:23 p.m.2 views

mariadb: crash when using HAVING with IS NULL predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemcmpfunc.h, impacting availability...

7.5CVSS7.3AI score0.01579EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/07/28 4:6 p.m.3 views

mariadb: crash when using HAVING with NOT EXIST predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemsubselect.cc, affecting availability...

7.5CVSS7.3AI score0.01485EPSS
Exploits1References4
Rows per page
Query Builder