Lucene search
+L

181 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.6 views

SUSE CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

7.8CVSS6.9AI score0.01246EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.8 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.8AI score0.00584EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.4 views

PT-2023-13035 · Unknown · Wildfly Elytron

Name of the Vulnerable Software and Affected Versions: Wildfly-elytron affected versions not specified Description: A flaw was found in Wildfly-elytron, where it uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. This allows an attacker to access...

7.4CVSS6AI score0.00584EPSS
Exploits0References8
OSV
OSV
added 2022/12/15 7:15 p.m.5 views

CVE-2021-39426

An issue was discovered in /Upload/admin/adminnotify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set...

9.8CVSS6AI score0.00875EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.7 views

PT-2022-6814 · Unknown +1 · Openimageio +1

Name of the Vulnerable Software and Affected Versions: OpenImageIO version 2.4.4.2 Description: Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This issue arises when the...

9.8CVSS7.4AI score0.01962EPSS
Exploits23References92
OSV
OSV
added 2022/05/17 5:23 a.m.3 views

GHSA-2QR7-8FP8-4XXR Caucho Quercus, as distributed in Resin, does not properly implement the `==` operator for comparisons

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == equals sign equals sign operator for comparisons, which has unspecified impact and context-dependent attack vectors...

7.5CVSS6.8AI score0.01616EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2022/05/07 7:0 a.m.3 views

cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

...

5.3CVSS6.4AI score0.01866EPSS
Exploits0
OSV
OSV
added 2022/04/28 1:15 a.m.6 views

AZL-9588 CVE-2022-29869 affecting package cifs-utils for versions less than 6.14-2

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign characters but is not a valid credentials file...

5.3CVSS7.1AI score0.01866EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/28 1:15 a.m.3 views

CVE-2022-29869

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign characters but is not a valid credentials file...

5.3CVSS6.8AI score0.01866EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.5 views

cifs-utils 日志信息泄露漏洞

cifs-utils is a toolkit from the individual developer Pavel Shilovsky. It provides utilities for managing CIFS network file system installations. A security vulnerability exists in cifs-utils version 6.14 and earlier, which stems from an information leak when a file contains the = equals sign...

5.3CVSS6.5AI score0.01866EPSS
Exploits0References18
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.2 views

CVE-2022-27380

An issue in the component mydecimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

7.5CVSS7.1AI score0.02264EPSS
Exploits1References4
NCSC
NCSC
added 2022/03/07 12:0 a.m.4 views

Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations

A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...

9.8CVSS9.1AI score0.02944EPSS
Exploits0
OSV
OSV
added 2022/01/20 10:15 p.m.6 views

UBUNTU-CVE-2021-46348

There is an Assertion 'ECMASTRINGISREFEQUALSTOONE stringp' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0...

5.5CVSS6AI score0.00621EPSS
Exploits1References3
OSV
OSV
added 2022/01/17 2:15 a.m.11 views

AZL-7747 CVE-2022-23303 affecting package wpa_supplicant for versions less than 2.10-1

The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...

9.8CVSS7.2AI score0.02944EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/01/16 12:0 a.m.5 views

PT-2022-5940 · Hostap +7 · Hostapd +7

Name of the Vulnerable Software and Affected Versions: hostapd versions prior to 2.10 wpa supplicant versions prior to 2.10 Description: The issue is related to an incomplete fix, resulting in side channel attacks due to cache access patterns. This allows an attacker to potentially disclose...

10CVSS6.3AI score0.09501EPSS
Exploits4References125
BDU FSTEC
BDU FSTEC
added 2021/12/07 12:0 a.m.7 views

The vulnerability of the SAE implementation of the wpa_supplicant function for wireless communication devices with WPA certification lies in the fact that it exposes information, allowing attackers to gain access to confidential data.

The vulnerability of the SAE implementation of the wpasupplicant function for wireless communication devices with WPA certification is related to errors in timing and access patterns to the cache. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

5.9CVSS6.9AI score0.03739EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2021/09/27 5:15 p.m.4 views

CVE-2021-41753

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames...

7.5CVSS5.8AI score0.02334EPSS
Exploits0References1
OSV
OSV
added 2021/09/22 9:15 a.m.3 views

UBUNTU-CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.06252EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/08/10 3:17 p.m.5 views

OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS6.7AI score0.04044EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/16 10:13 a.m.7 views

OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS6.7AI score0.04044EPSS
Exploits0References4
Rows per page
Query Builder