Lucene search
K

174 matches found

Snyk
Snyk
added 2025/09/16 10:20 p.m.2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the verifyClientProof function which use Arrays.equals function. An attacker can infer sensitive authentication material by exploiting timing differences during the comparison of secret values. Remediation Upgrade...

8.7CVSS6.8AI score0.00835EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.6 views

PT-2025-38753

Name of the Vulnerable Software and Affected Versions versions prior to 3.2 Description A timing attack issue exists in the SCRAM Java implementation due to the use of Arrays.equals for comparing sensitive values like client proofs and server signatures. Arrays.equals performs a short-circuit...

8.7CVSS6.8AI score0.00835EPSS
Exploits0References33
NVD
NVD
added 2025/08/21 8:15 p.m.9 views

CVE-2010-20112

Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...

9.3CVSS0.01046EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.10 views

PT-2025-34287 · Undefined · Undefined

Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...

9.3CVSS7.6AI score0.01046EPSS
Exploits0References7
NVD
NVD
added 2025/08/19 2:15 p.m.7 views

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

9.8CVSS0.00475EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/28 3:10 p.m.3 views

Malicious code in triple-equals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d65cc69dec9f320438a4209e4c952480d78b96c779a019b6a09c04499b9e3edc When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/07/28 3:10 p.m.2 views

MAL-2025-6328 Malicious code in triple-equals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d65cc69dec9f320438a4209e4c952480d78b96c779a019b6a09c04499b9e3edc When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...

7AI score
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS6.5AI score0.00217EPSS
Exploits0References5
OSV
OSV
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS5.8AI score0.00217EPSS
Exploits0References5
OSV
OSV
added 2025/07/22 9:15 p.m.8 views

UBUNTU-CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS7.3AI score0.00217EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2025/07/22 8:49 p.m.5 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS5.8AI score0.00217EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.5 views

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...

7.5CVSS7.1AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:8 a.m.8 views

CVE-2012-2967

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == equals sign equals sign operator for comparisons, which has unspecified impact and context-dependent attack vectors...

7.5CVSS7AI score0.01616EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/09 12:0 a.m.7 views

Comparing Classical and Quantum Conditional Disclosure of Secrets

The conditional disclosure of secrets CDS setting is among the most basic primitives studied in information-theoretic cryptography. Motivated by a connection to non-local quantum computation and position-based cryptography, CDS with quantum resources has recently been considered. Here, we study t...

6.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/05/07 12:48 p.m.11 views

python-werkzeug: cookie prefixed with = can shadow unprefixed cookie

A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...

3.5CVSS7.1AI score0.00507EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2025/05/06 12:0 a.m.8 views

The vulnerability of the Arrays.equals() method in the Apache Hive database, which allows an attacker to cause a service failure.

The vulnerability of the Arrays.equals method in the Apache Hive database is related to manipulating unknown inputs, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow an attacker to cause service failures...

6.8CVSS5.4AI score0.01131EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2025/03/28 3:15 a.m.3 views

DEBIAN-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

7.5CVSS7.3AI score0.00345EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/28 2:5 a.m.10 views

CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

7.5CVSS7.3AI score0.00345EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/27 3:10 a.m.5 views

SUSE CVE-2022-49191

In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike, we return an error. Provided -shutdown is not called when -activate fails, nothing actually frees the buffer in this case. Fix this...

5.5CVSS6.8AI score0.00259EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/27 3:2 a.m.2 views

SUSE CVE-2022-49706

In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefsiomapbegin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent an IO, but the iomap...

7.1CVSS6.7AI score0.00252EPSS
Exploits0References3
Rows per page
Query Builder