Lucene search
K

169 matches found

OSV
OSV
added 2021/12/17 7:15 p.m.59 views

PYSEC-2021-855

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

5.3CVSS5.3AI score0.01561EPSS
Exploits1References2
Prion
Prion
added 2021/12/17 7:15 p.m.22 views

Design/Logic Flaw

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

5CVSS5.5AI score0.01561EPSS
Exploits1References2Affected Software2
OSV
OSV
added 2021/12/17 7:15 p.m.2 views

UBUNTU-CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

5.3CVSS6.8AI score0.01561EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/12/17 6:43 p.m.28 views

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

6AI score0.01561EPSS
Exploits1References2
CVE
CVE
added 2021/12/17 6:43 p.m.289 views

CVE-2021-34141

CVE-2021-34141 affects NumPy (numpy.core); the issue is an incomplete string comparison in versions prior to 1.22.0, potentially enabling a DoS via crafted input. Vendor notes describe the behavior as harmless, and no exploit details are provided in the sources beyond the vulnerability descriptio...

5.3CVSS5.5AI score0.01561EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2021/12/17 6:43 p.m.35 views

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

5.3CVSS5.8AI score0.01561EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/12/17 12:0 a.m.3 views

PT-2021-23314 · Cvxopt +2 · Cvxopt +2

Name of the Vulnerable Software and Affected Versions: cvxopt version 1.2.6 and earlier Description: The issue is related to an incomplete string comparison vulnerability in certain APIs, specifically cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve...

8.7CVSS6.5AI score0.01184EPSS
Exploits1References22
BDU FSTEC
BDU FSTEC
added 2021/11/02 12:0 a.m.6 views

The vulnerability of the SysController and MailHandlerController components of the Redmine project and task management web application, related to the disclosure of information due to incompatibility, allows a hacker to gain access to confidential data.

The vulnerability of the SysController and MailHandlerController components in the Redmine project and task management web application is related to changes in the time required for string comparison operations. Exploiting this vulnerability could allow a malicious actor to gain access to...

5.3CVSS5.9AI score0.01215EPSS
Exploits0References8Affected Software3
OSV
OSV
added 2021/09/15 1:15 p.m.19 views

CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

9.8CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2021/09/15 1:15 p.m.18 views

Design/Logic Flaw

hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

7.5CVSS9.4AI score0.01111EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/09/15 1:5 p.m.29 views

CVE-2021-3797 Use of Wrong Operator in String Comparison in hestiacp/hestiacp

hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

4.8CVSS9.7AI score0.01111EPSS
Exploits1References2
CVE
CVE
added 2021/09/15 1:5 p.m.49 views

CVE-2021-3797

The CVE-2021-3797 entry for hestiacp has concrete technical details in connected data: in huntr’s description of hestiacp/hestiacp, a CSRF token check uses the != operator to compare $_SESSION["token"] with $_GET["token"] in index.php. This type juggling can bypass the CSRF token, enabling CSRF a...

9.8CVSS7.2AI score0.01111EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/05/14 12:0 a.m.34 views

FreeBSD : Prosody -- multiple vulnerabilities (fc75570a-b417-11eb-a23d-c7ab331fd711)

The Prosody security advisory 2021-05-12 reports : This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. - CVE-2021-32918: DoS via insufficient memory consumption controls -...

7.8CVSS6.4AI score0.02261EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/05/12 12:0 a.m.3 views

PT-2021-7477 · Numpy +4 · Numpy +4

Name of the Vulnerable Software and Affected Versions: NumPy versions prior to 1.22.0 NumPy versions 1.9.x Description: The issue is related to an incomplete string comparison in the numpy.core component, which allows attackers to trigger slightly incorrect copying by constructing specific string...

5.5CVSS6.4AI score0.01561EPSS
Exploits4References36
OSV
OSV
added 2021/04/28 7:15 a.m.19 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS6.8AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/04/28 7:15 a.m.25 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS6.1AI score0.01215EPSS
Exploits0References3
Prion
Prion
added 2021/04/28 7:15 a.m.15 views

Design/Logic Flaw

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5CVSS5.6AI score0.01215EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2020/06/24 1:15 p.m.16 views

Design/Logic Flaw

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

2.1CVSS4.1AI score0.00355EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/06/24 4:0 a.m.20 views

Information Disclosure

djangobasicauthipwhitelist is vulnerable to information disclosure. The vulnerability exists through a timing attack through the applied string comparison function when basic authentication is used...

2.4CVSS2AI score0.00355EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/06/22 1:8 p.m.5 views

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5.3CVSS7AI score0.193EPSS
Exploits0References6
Rows per page
Query Builder