SUSE SLES12 Security Update : postgresql18 (SUSE-SU-2026:1946-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1946-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE...
H3 Security Vulnerability
H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...
NocoDB Security Vulnerability
NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 contained a security vulnerability. This vulnerability stemmed from storing shared view passwords as...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
EUVD-2025-34730
Mattermost has an Observable Timing Discrepancy vulnerability...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
EUVD-2025-29771
Malicious code in bioql PyPI...
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...
Stack Overflow
ChakraCore is vulnerable to stack buffer overflow. The vulnerability is due to the Collator object, which can result in a stack overflow during string comparisons resulting in an application crash...
CLSA-2022-1669238963 xterm: Fix of CVE-2022-45063
CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...
The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library allows a hacker to initiate data copying.
The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library for Python is related to incorrect string comparisons. Exploiting this vulnerability could allow a malicious actor to initiate data copying through specially created objects...
GoCD Security Vulnerability
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that stems from the use of regular string comparisons to validate tokens instead of the constant time algorithm, which can be exploited by an attacker to brute-force GoCD server API calls...
Unspecified Vulnerability in NumPy (CNVD-2021-101680)
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrix calculations, as well as providing a large library of mathematical functions for data operations. A security vulnerability exists in NumPy 1.9 that stems from incomplete string...
Cvxopt Security Vulnerability
Cvxopt is a freeware package for convex optimization based on the Python programming language. A security vulnerability exists in cvxopt 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...
hestiacp Security Vulnerability
hestiacp is a lightweight and powerful control panel for the modern web. A security vulnerability exists in hestiacp that stems from the use of incorrect operators in string comparisons...
DEBIAN-CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
UBUNTU-CVE-2017-2801
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to...
SuSE 11.1 Security Update : openSLP (SAT Patch Number 3312)
The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609). This has been fixed. Additionally the following non-security bugs were fixed: - 564504: Fix handling of DA answers if both active and passive DA detection is off - 597215: Add configuration...