Lucene search
+L

180 matches found

redhat
redhat
added 2025/05/07 12:48 p.m.13 views

python-werkzeug: cookie prefixed with = can shadow unprefixed cookie

A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...

3.5CVSS7.1AI score0.00507EPSS
Exploits0References7
bdu_fstec
bdu_fstec
added 2025/05/06 12:0 a.m.8 views

The vulnerability of the Arrays.equals() method in the Apache Hive database, which allows an attacker to cause a service failure.

The vulnerability of the Arrays.equals method in the Apache Hive database is related to manipulating unknown inputs, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow an attacker to cause service failures...

6.8CVSS5.4AI score0.01131EPSS
Exploits1References8Affected Software1
osv
osv
added 2025/03/28 3:15 a.m.3 views

DEBIAN-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

7.5CVSS7.3AI score0.00345EPSS
Exploits0References1
debiancve
debiancve
added 2025/03/28 2:5 a.m.10 views

CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

7.5CVSS7.3AI score0.00345EPSS
Exploits0
susecve
susecve
added 2025/02/27 3:10 a.m.5 views

SUSE CVE-2022-49191

In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike, we return an error. Provided -shutdown is not called when -activate fails, nothing actually frees the buffer in this case. Fix this...

5.5CVSS6.8AI score0.00259EPSS
Exploits0References4
susecve
susecve
added 2025/02/27 3:2 a.m.3 views

SUSE CVE-2022-49706

In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefsiomapbegin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent an IO, but the iomap...

7.1CVSS6.7AI score0.00252EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/05 12:31 a.m.8 views

CVE-2024-31470

There is a buffer overflow vulnerability in the underlying SAE Simultaneous Authentication of Equals service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's Access Point management protocol UDP port 8211. Successful...

9.8CVSS8.6AI score0.01188EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/28 12:0 a.m.5 views

Apache Hive 安全漏洞

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A trust...

6.5CVSS6.8AI score0.01131EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2024/08/13 12:0 a.m.6 views

PT-2024-40839 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the CommentsInserter class. The crash occurs in the insertComments function, which is part of the JavaParser library. The error is also...

6.9AI score
Exploits0References2
osv
osv
added 2024/07/18 12:6 a.m.11 views

OSV-2024-662 Security exception in com.github.javaparser.CommentsInserter.insertComments

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70313 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals com.github.javaparser.Position.equals...

7.1AI score
Exploits0References1
ossf
ossf
added 2024/06/25 1:29 p.m.5 views

Malicious code in Equаls.Fоԁу (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2024/05/30 12:16 a.m.14 views

OSV-2024-518 Security exception in com.github.javaparser.CommentsInserter.insertComments

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69307 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals com.github.javaparser.Position.equals...

7.1AI score
Exploits0References1
ptsecurity
ptsecurity
added 2024/05/30 12:0 a.m.7 views

PT-2024-40787 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the CommentsInserter class. The crash occurs in the insertComments function, which is part of the JavaParser library. The error is also...

6.9AI score
Exploits0References2
cnnvd
cnnvd
added 2024/05/22 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from "ret" being set to 1, causing the "if ret ! = -ENODATA" check does not work...

5.5CVSS6.3AI score0.00196EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/05/20 12:0 a.m.7 views

PT-2024-40780 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: A security exception crash has been reported. The crash involves the insertComments function in com.github.javaparser.CommentsInserter, and the equals methods in...

7AI score
Exploits0References2
osv
osv
added 2024/05/14 11:15 p.m.6 views

CVE-2024-31470

There is a buffer overflow vulnerability in the underlying SAE Simultaneous Authentication of Equals service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's Access Point management protocol UDP port 8211. Successful...

9.8CVSS6.8AI score0.01188EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/04/26 12:0 a.m.4 views

PT-2024-25171 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version cefd391 Description: An Assertion Failure was discovered in Jerryscript via ECMA STRING IS REF EQUALS TO ONE string p in ecma free string list. Recommendations: For Jerryscript version cefd391, at the moment, there is no...

6.2CVSS7AI score0.00274EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2024/04/10 12:0 a.m.4 views

PT-2024-40690 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: A security exception crash has been reported. The crash involves the insertComments function in com.github.javaparser.CommentsInserter, and the equals methods in...

7AI score
Exploits0References2
osv
osv
added 2023/12/26 4:15 a.m.5 views

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

7.5CVSS5.8AI score0.00295EPSS
Exploits0References1
attackerkb
attackerkb
added 2023/12/26 4:15 a.m.3 views

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

7.5CVSS5.9AI score0.00295EPSS
Exploits0References2
Rows per page
Query Builder