EUVD-2006-4643

Malware in sbrugna...

PT-2025-23956 · Unknown +4 · Gnu C Library +4

Name of the Vulnerable Software and Affected Versions: GNU C Library versions 2.39 and later Description: The issue arises from the strcmp implementation optimized for the Power10 processor, which writes to vector registers v20 to v31 without saving the contents from the caller. This can lead to...

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVE-2024-25714

CVE-2024-25714 affects Rhonabwy up to 1.1.13. The HMAC signature verification uses a strcmp-based comparison that can leak timing information via a side-channel, as it stops at the first difference. The documented fix replaces this with a constant-time function (gnutls_memcmp). No exploitation de...

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...