169 matches found
PYSEC-2021-855
Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...
Design/Logic Flaw
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...
UBUNTU-CVE-2021-34141
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...
CVE-2021-34141
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...
CVE-2021-34141
CVE-2021-34141 affects NumPy (numpy.core); the issue is an incomplete string comparison in versions prior to 1.22.0, potentially enabling a DoS via crafted input. Vendor notes describe the behavior as harmless, and no exploit details are provided in the sources beyond the vulnerability descriptio...
CVE-2021-34141
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...
PT-2021-23314 · Cvxopt +2 · Cvxopt +2
Name of the Vulnerable Software and Affected Versions: cvxopt version 1.2.6 and earlier Description: The issue is related to an incomplete string comparison vulnerability in certain APIs, specifically cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve...
The vulnerability of the SysController and MailHandlerController components of the Redmine project and task management web application, related to the disclosure of information due to incompatibility, allows a hacker to gain access to confidential data.
The vulnerability of the SysController and MailHandlerController components in the Redmine project and task management web application is related to changes in the time required for string comparison operations. Exploiting this vulnerability could allow a malicious actor to gain access to...
CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison...
Design/Logic Flaw
hestiacp is vulnerable to Use of Wrong Operator in String Comparison...
CVE-2021-3797 Use of Wrong Operator in String Comparison in hestiacp/hestiacp
hestiacp is vulnerable to Use of Wrong Operator in String Comparison...
CVE-2021-3797
The CVE-2021-3797 entry for hestiacp has concrete technical details in connected data: in huntr’s description of hestiacp/hestiacp, a CSRF token check uses the != operator to compare $_SESSION["token"] with $_GET["token"] in index.php. This type juggling can bypass the CSRF token, enabling CSRF a...
FreeBSD : Prosody -- multiple vulnerabilities (fc75570a-b417-11eb-a23d-c7ab331fd711)
The Prosody security advisory 2021-05-12 reports : This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. - CVE-2021-32918: DoS via insufficient memory consumption controls -...
PT-2021-7477 · Numpy +4 · Numpy +4
Name of the Vulnerable Software and Affected Versions: NumPy versions prior to 1.22.0 NumPy versions 1.9.x Description: The issue is related to an incomplete string comparison in the numpy.core component, which allows attackers to trigger slightly incorrect copying by constructing specific string...
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
Design/Logic Flaw
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
Design/Logic Flaw
In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...
Information Disclosure
djangobasicauthipwhitelist is vulnerable to information disclosure. The vulnerability exists through a timing attack through the applied string comparison function when basic authentication is used...
httpd: mod_http2: read-after-free on a string compare
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...