
83 matches found

OSV
added 2025/05/15 4:15 p.m. | 1 view

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVSS 7.5 | AI score 6 | EPSS 0.00292
Exploits: 0 | References: 2
NVD
added 2025/05/15 4:15 p.m. | 7 views

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVSS 7.5 | EPSS 0.00292
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/21 8:5 p.m. | 11 views

CVE-2022-48971 Bluetooth: Fix not cleanup led when bt_init fails

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails. bt_init calls bt_leds_init to register led, but if it fails later, bt_leds_cleanup is not called to unregister it. This can cause panic if the argument "bluetooth-power" in text is free...

AI score 6.9 | EPSS 0.00012
Exploits: 0 | References: 6
RedhatCVE
added 2024/05/17 11:10 p.m. | 31 views

CVE-2024-35796

A flaw was found in the ll_temac driver for networking in the Linux kernel, which incorrectly replaces the platform_get_resource function with an inappropriate function. This issue could lead to incorrect resource handling, potentially resulting in system instability or crashes. Mitigation Mitigatio...

CVSS 5.5 | AI score 8.7 | EPSS 0.00014
Exploits: 0 | References: 4
UbuntuCve
added 2024/05/17 2:15 p.m. | 23 views

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function. The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname...

CVSS 5.5 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 22
Vulnrichment
added 2024/05/17 1:23 p.m. | 22 views

CVE-2024-35796 net: ll_temac: platform_get_resource replaced by wrong function

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function. The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname...

AI score 6.9 | EPSS 0.00014
Exploits: 0 | References: 7
Cvelist
added 2024/05/17 1:23 p.m. | 22 views

CVE-2024-35796 net: ll_temac: platform_get_resource replaced by wrong function

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function. The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname...

AI score 7.5 | EPSS 0.00014
Exploits: 0 | References: 7
Debian CVE
added 2024/05/17 1:23 p.m. | 24 views

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function. The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname...

CVSS 5.5 | AI score 7.4 | EPSS 0.00014
Exploits: 0
NVD
added 2024/02/11 3:15 a.m. | 7 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...

CVSS 9.8 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 1
OSV
added 2024/02/11 3:15 a.m. | 0 views

UBUNTU-CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...

CVSS 9.8 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 2
Vulnrichment
added 2024/02/11 12:0 a.m. | 11 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...

AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 1
CVE
added 2024/02/11 12:0 a.m. | 73 views

CVE-2024-25714

CVE-2024-25714 affects Rhonabwy up to 1.1.13. The HMAC signature verification uses a strcmp-based comparison that can leak timing information via a side-channel, as it stops at the first difference. The documented fix replaces this with a constant-time function (gnutls_memcmp). No exploitation de...

CVSS 9.8 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 2024/02/11 12:0 a.m. | 13 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...

CVSS 9.8 | AI score 9.4 | EPSS 0.0019
Exploits: 0
Snyk
added 2024/02/08 5:45 p.m. | 1 view

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass due to the insecure use of strcmp. Remediation There is no fixed version for libjwt. References - Report - Vulnerable Code Credit: P3ngu1nW...

CVSS 9.8 | AI score 7 | EPSS 0.00109
Exploits: 1 | References: 2
CNNVD
added 2024/02/08 12:0 a.m. | 2 views

JWT C Library Security Vulnerability

JWT C Library is an open-source JWT C library by Ben Collins. A security vulnerability exists in JWT C Library version 1.15.3, which stems from the use of strcmp to authenticate, resulting in an authentication bypass vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.00109
Exploits: 1 | References: 3
CNNVD
added 2024/02/08 12:0 a.m. | 3 views

PHP-JWT Security Vulnerability

PHP-JWT is a simple library for encoding and decoding JSON Web Tokens (JWT) in PHP, compliant with RFC 7519. A security vulnerability exists in PHP-JWT version 1.0.0, which stems from the use of strcmp to authenticate, resulting in an authentication bypass vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.00072
Exploits: 1 | References: 2
Cvelist
added 2024/02/08 12:0 a.m. | 14 views

CVE-2024-25189

libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

AI score 9.7 | EPSS 0.00109
Exploits: 1 | References: 2
RedHat Linux
added 2023/05/09 10:4 a.m. | 1 view

kernel: ASoC: pxa: fix null-pointer dereference in filter()

A flaw was found in the Linux kernel ASoC pxa audio driver. The function filter used kasprintf to allocate a formatted string but did not check whether the allocation succeeded before passing the result to strcmp. If memory allocation fails and kasprintf returns NULL, this results in a NULL point...

AI score 5.7 | EPSS 0.00053
Exploits: 0 | References: 5
NVD
added 2023/01/11 7:15 p.m. | 17 views

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVSS 7.5 | AI score 7.5 | EPSS 0.0012
Exploits: 0 | References: 2
Vulnrichment
added 2023/01/11 6:48 p.m. | 8 views

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

AI score 6.9 | EPSS 0.0012
Exploits: 0 | References: 1