180 matches found
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...
The vulnerability of the Arrays.equals() method in the Apache Hive database, which allows an attacker to cause a service failure.
The vulnerability of the Arrays.equals method in the Apache Hive database is related to manipulating unknown inputs, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow an attacker to cause service failures...
DEBIAN-CVE-2024-13939
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...
CVE-2024-13939
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...
SUSE CVE-2022-49191
In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike, we return an error. Provided -shutdown is not called when -activate fails, nothing actually frees the buffer in this case. Fix this...
SUSE CVE-2022-49706
In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefsiomapbegin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent an IO, but the iomap...
CVE-2024-31470
There is a buffer overflow vulnerability in the underlying SAE Simultaneous Authentication of Equals service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's Access Point management protocol UDP port 8211. Successful...
Apache Hive 安全漏洞
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A trust...
PT-2024-40839 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the CommentsInserter class. The crash occurs in the insertComments function, which is part of the JavaParser library. The error is also...
OSV-2024-662 Security exception in com.github.javaparser.CommentsInserter.insertComments
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70313 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals com.github.javaparser.Position.equals...
Malicious code in Equаls.Fоԁу (NuGet)
--- -= Per source details. Do not edit below this line.=-...
OSV-2024-518 Security exception in com.github.javaparser.CommentsInserter.insertComments
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69307 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals com.github.javaparser.Position.equals...
PT-2024-40787 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the CommentsInserter class. The crash occurs in the insertComments function, which is part of the JavaParser library. The error is also...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from "ret" being set to 1, causing the "if ret ! = -ENODATA" check does not work...
PT-2024-40780 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: A security exception crash has been reported. The crash involves the insertComments function in com.github.javaparser.CommentsInserter, and the equals methods in...
CVE-2024-31470
There is a buffer overflow vulnerability in the underlying SAE Simultaneous Authentication of Equals service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's Access Point management protocol UDP port 8211. Successful...
PT-2024-25171 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version cefd391 Description: An Assertion Failure was discovered in Jerryscript via ECMA STRING IS REF EQUALS TO ONE string p in ecma free string list. Recommendations: For Jerryscript version cefd391, at the moment, there is no...
PT-2024-40690 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: A security exception crash has been reported. The crash involves the insertComments function in com.github.javaparser.CommentsInserter, and the equals methods in...
CVE-2023-28616
An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...
CVE-2023-28616
An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...