18 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-24270

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.00343
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 5:9 p.m. · 6 views

CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

CVSS 7.5 · AI score 6.7 · EPSS 0.00343
Exploits: 0

Fedora
added 2025/04/17 7:34 p.m. · 10 views

[SECURITY] Fedora 40 Update: perl-String-Compare-ConstantTime-0.321-19.fc40

This module provides one function, "equals", which works like perl's "eq", but which does not provide a timing side-channel. Such comparison is useful when matching against a secret string...

CVSS 7.5 · AI score 7.5 · EPSS 0.00218
Exploits: 0

Tenable Nessus
added 2025/04/17 12:0 a.m. · 5 views

Fedora 41 : perl-String-Compare-ConstantTime (2025-5d61874568)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5d61874568 advisory. This release fixes CVE-2024-13939 leaking the length of a secret string. Tenable has extracted the preceding description block directly from the Fedo...

CVSS 7.5 · AI score 7.4 · EPSS 0.00218
Exploits: 0 · References: 2

NVD
added 2025/03/28 3:15 a.m. · 10 views

CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 · EPSS 0.00218
Exploits: 0 · References: 1

CVE
added 2025/03/28 2:5 a.m. · 63 views

CVE-2024-13939

The connected Astra Linux bulletin cites a timing-attack vulnerability in the Mojolicious Perl component (secure_compare) and notes only versions after 1.74 are affected, aligning with CVE-2024-13939’s class of timing leaks. Fedora/Nessus entries confirm CVE-2024-13939 is addressed by updates to ...

CVSS 7.5 · AI score 6.6 · EPSS 0.00218
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/03/28 2:5 a.m. · 11 views

CVE-2024-13939 String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

EPSS 0.00218
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/28 2:5 a.m. · 6 views

CVE-2024-13939 String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

AI score 7.7 · EPSS 0.00218
Exploits: 0 · References: 1

Debian CVE
added 2025/03/28 2:5 a.m. · 8 views

CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 · AI score 7.3 · EPSS 0.00218
Exploits: 0

Positive Technologies
added 2025/03/28 12:0 a.m. · 2 views

PT-2025-13421 · Unknown +1 · String::Compare::Constanttime +1

Name of the Vulnerable Software and Affected Versions: String::Compare::ConstantTime versions prior to 0.322. Description: The issue allows an attacker to guess the length of a secret string through timing attacks. According to the documentation, if the lengths of the strings are different, the si...

CVSS 7.5 · AI score 7.3 · EPSS 0.00218
Exploits: 0 · References: 17

Redos
added 2024/06/03 12:0 a.m. · 8 views

ROS-20240603-02

A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the secure_compare function of the...

CVSS 7.5 · AI score 6.3 · EPSS 0.00343
Exploits: 1

UbuntuCve
added 2024/04/08 12:15 a.m. · 12 views

CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

CVSS 7.5 · AI score 7.1 · EPSS 0.00343
Exploits: 0 · References: 4

Vulnrichment
added 2024/04/07 12:0 a.m. · 10 views

CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

AI score 6.7 · EPSS 0.00343
Exploits: 0 · References: 3

NVD
added 2022/06/17 2:15 p.m. · 10 views

CVE-2021-40903

A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static...

CVSS 9.8 · EPSS 0.11622
Exploits: 1 · References: 3

Prion
added 2022/06/17 2:15 p.m. · 13 views

Design/Logic Flaw

A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static...

CVSS 7.5 · AI score 9.3 · EPSS 0.11622
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2022/06/17 1:46 p.m. · 63 views

CVE-2021-40903

CVE-2021-40903 affects Antminer Monitor 0.50.0 via a backdoor or misconfiguration in the Flask server settings file, where a secret string is predefined and static. This could enable improper access or governance issues due to static credentials embedded in the configuration. remediation availabl...

CVSS 9.8 · AI score 9.3 · EPSS 0.11622
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/06/17 1:46 p.m. · 14 views

CVE-2021-40903

A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static...

AI score 9.6 · EPSS 0.11622
Exploits: 1 · References: 3

OSV
added 2021/05/13 4:15 p.m. · 2 views

UBUNTU-CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

CVSS 5.9 · AI score 5.8 · EPSS 0.04627
Exploits: 0 · References: 8