63 matches found

Rockylinux
added 5 days ago · 7 views

postgresql:16 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

8.8 CVSS · 6 AI score · 0.004 EPSS
Exploits 0

OSV
added 6 days ago · 4 views

ALSA-2026:27741 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475); postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite...

8.8 CVSS · 5.9 AI score · 0.004 EPSS
Exploits 0 · References 10

UbuntuCve
added 2026/05/14 2:16 p.m. · 11 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5 CVSS · 5.8 AI score · 0.00238 EPSS
Exploits 0 · References 4

UbuntuCve
added 2026/04/03 5:16 a.m. · 2 views

CVE-2026-35541

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...

4.2 CVSS · 5.9 AI score · 0.00243 EPSS
Exploits 0 · References 8

Github Security Blog
added 2026/03/18 4:17 p.m. · 6 views

h3 has an observable timing discrepancy in basic auth utils

Summary: A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...

5.9 CVSS · 6.1 AI score · 0.00319 EPSS
Exploits 1 · References 5 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-29730

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.01004 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-25168

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00475 EPSS
Exploits 0 · References 3

OSV
added 2025/07/07 12:30 p.m. · 3 views

GHSA-J5PR-VRJJ-9V4H Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5 CVSS · 7.3 AI score · 0.00371 EPSS
Exploits 0 · References 4

NVD
added 2025/07/07 10:15 a.m. · 13 views

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5 CVSS · 0.00371 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/07 9:55 a.m. · 24 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5 CVSS · 0.00371 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/07/07 9:55 a.m. · 2 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5 CVSS · 7.4 AI score · 0.00371 EPSS
Exploits 0 · References 2

CVE
added 2025/07/04 10:12 p.m. · 29 views

CVE-2025-48952

NetAlertX (pre-25.6.7) contains an authentication bypass vulnerability in the PHP login check. The issue arises from a loose comparison using the == operator in front/index.php (line 40), which allows specially crafted SHA-256 magic hashes to bypass password verification. Hash values starting wit...

9.4 CVSS · 6.8 AI score · 0.00498 EPSS
Exploits 1 · References 1 · Affected Software 1

RedhatCVE
added 2025/02/05 6:16 a.m. · 13 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 7.4 AI score · 0.01411 EPSS
Exploits 1 · References 1

NVD
added 2024/06/06 7:16 p.m. · 23 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 0.01411 EPSS
Exploits 1 · References 2

OSV
added 2024/06/06 7:16 p.m. · 5 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 2

CVE
added 2024/06/06 6:54 p.m. · 56 views

CVE-2024-5124

CVE-2024-5124 affects gaizhenbiao/chuanhuchatgpt (version 20240310) with a timing-attack in the password comparison logic that uses the Python '=' operator. An attacker could infer correct passwords by measuring per-character comparison timing, potentially exposing credentials. The root cause is ...

7.5 CVSS · 7.5 AI score · 0.01411 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/06/06 6:54 p.m. · 34 views

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 0.01411 EPSS
Exploits 1 · References 2

Vulnrichment
added 2024/06/06 6:54 p.m. · 14 views

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 6.8 AI score · 0.01411 EPSS
Exploits 1 · References 2

CNNVD
added 2024/06/06 12:0 a.m. · 2 views

ChuanhuChatGPT Information Disclosure Vulnerability

ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from an information disclosure vulnerability that stems from a timing attack vulnerability in the password comparison logic...

7.5 CVSS · 6.4 AI score · 0.01411 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-34569 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240310 Description: A timing attack vulnerability exists in the password comparison logic of the gaizhenbiao/chuanhuchatgpt repository. The vulnerability arises from the use of the '=' operator in Python f...

7.5 CVSS · 7.6 AI score · 0.01411 EPSS
Exploits 1 · References 10