CVE-2024-6056
CVE-2024-6056 affects nasirkhan Laravel Starter up to 11.8.0, targeting the Password Reset Handler’s /forgot-password endpoint. The issue arises from manipulating the Email parameter, producing observable response discrepancies. The attack may be launched remotely; the CVE notes high complexity and d...
CVE-2024-6056 nasirkhan Laravel Starter Password Reset forgot-password observable response discrepancy
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...
CVE-2024-38465
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error...
OpenSSL 0.9.6 < 0.9.6i Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.6i. It is, therefore, affected by a vulnerability as referenced in the 0.9.6i advisory. - ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher...
Observable Timing Discrepancy
Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...
Observable Timing Discrepancy in pypqc
Impact kyber512, kyber768, and kyber1024 on Mac OS (or when compiled with clang) only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a...
CVE-2020-35165
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...
Observable Discrepancy
neos/flow is vulnerable to Observable Discrepancy . The vulnerability is due to observable timing differences within the PersistedUsernamePasswordProvider. An attacker can determine whether an account exists based on the timing of the response, because the hash is only generated if an account was...
CVE-2020-35165
Dell BSAFE Crypto-C Micro Edition prior to 4.1.5 and Dell BSAFE Micro Edition Suite prior to 4.6 contain an Observable Timing Discrepancy vulnerability. The issue arises from how the software handles certain input, enabling a timing-based leakage of protected information. Affected products are De...
RHEL 8 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Observable Timing Discrepancy
1Panel is vulnerable to Observable Timing Discrepancy. The vulnerability is due to the use of != for comparisons of cryptographically sensitive password verification operations, rather than hmac.Equal. This can lead to timing attack vulnerability...
Observable Discrepancy
Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The implemented fix mitigates the leakage of data via the PKCS1 interface, but does not fully...
Observable Discrepancy
Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The...
CVE-2024-29296
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-51437 The below vulnerability has been addressed. Vulnerability Details CVEID: CVE-2023-51437 DESCRIPTION: Apache Pulsar could allow a remote attacker to bypass security restrictions, caused...
CVE-2024-1145 Observable Response Discrepancy at Alma Devklan Blog
User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response...
CVE-2024-2482
A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...