
929 matches found

NVD
added 2024/02/07 10:15 a.m., 15 views

CVE-2023-51437

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

CVSS 7.4, AI score 7.3, EPSS 0.00095
Exploits: 0, References: 2

OSV
added 2024/02/07 10:15 a.m., 21 views

CVE-2023-51437

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

CVSS 7.4, AI score 6.7
Exploits: 0, References: 2

CVE
added 2024/02/07 9:18 a.m., 91 views

CVE-2023-51437

This CVE (CVE-2023-51437) concerns an observable timing discrepancy in the Apache Pulsar SASL Authentication Provider that could allow forging a SASL Role Token passing signature verification. Affected products/components include Pulsar Broker, Proxy, Websocket Proxy, and Function Worker. Root ca...

CVSS 7.4, AI score 7.2, EPSS 0.00095
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2024/02/06 6:16 a.m., 11 views

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame...

CVSS 7.5, AI score 7.5, EPSS 0.00122
Exploits: 0, References: 1

OSV
added 2024/02/02 4:15 p.m., 3 views

CVE-2021-21575

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1

NVD
added 2024/02/02 4:15 p.m., 10 views

CVE-2021-21575

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability...

CVSS 9.8, AI score 6.7, EPSS 0.00093
Exploits: 0, References: 1

CVE
added 2024/02/02 3:53 p.m., 53 views

CVE-2021-21575

CVE-2021-21575 affects Dell BSAFE Micro Edition Suite, versions prior to 4.5.2. The vulnerability is described as an Observable Timing Discrepancy leading to information disclosure. Public sources in connected documents corroborate: vulnerable component is the Dell BSAFE Micro Edition Suite, with...

CVSS 9.8, AI score 9.4, EPSS 0.00093
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/02/02 3:53 p.m., 16 views

CVE-2021-21575

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability...

CVSS 5.9, AI score 6.9, EPSS 0.00093
Exploits: 0, References: 1

Positive Technologies
added 2024/02/02 12:0 a.m., 2 views

PT-2024-10874 · Dell · Dell Bsafe Micro Edition Suite

Name of the Vulnerable Software and Affected Versions: Dell BSAFE Micro Edition Suite versions prior to 4.5.2 Description: The issue is related to an Observable Timing Discrepancy. No information is provided about the estimated number of potentially affected devices worldwide or real-world...

CVSS 9.8, AI score 9.2, EPSS 0.00093
Exploits: 0, References: 3

Tenable Nessus
added 2024/01/24 12:0 a.m., 47 views

RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. - SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 - jenkins: Observable timing discrepancy allows...

CVSS 9.8, AI score 7.1, EPSS 0.93849
Exploits: 7, References: 6

OSV
added 2024/01/22 5:15 a.m., 279 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

CVSS 5.9, AI score 5.6
Exploits: 0, References: 7

Prion
added 2024/01/22 5:15 a.m., 274 views

Spoofing

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

CVSS 2.6, AI score 5.6, EPSS 0.0024
Exploits: 1, References: 7, Affected Software: 1

Vulnrichment
added 2024/01/22 5:0 a.m., 110 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

CVSS 7.5, AI score 7.1, EPSS 0.0024
Exploits: 1, References: 7

Cvelist
added 2024/01/22 5:0 a.m., 118 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

CVSS 7.5, AI score 7.6, EPSS 0.0024
Exploits: 1, References: 7

CVE
added 2024/01/22 5:0 a.m., 505 views

CVE-2024-21484

CVE-2024-21484 affects the jsrsasign JavaScript library prior to 11.0.0, where an observable discrepancy in RSA PKCS#1.5 or RSAOAEP decryption can allow an attacker to decrypt ciphertexts. The attack requires access to a large number of ciphertexts encrypted with the same key (Marvin attack). The...

CVSS 7.5, AI score 5.6, EPSS 0.0024
Exploits: 1, References: 7, Affected Software: 1

CNNVD
added 2024/01/22 12:0 a.m., 1 view

jsrsasign Security Vulnerabilities

The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 11.0.0, which stems from the susceptibility to Observable Discrepancy in the decryption process of RSA PKCS1.5 or...

CVSS 7.5, AI score 6.7, EPSS 0.0024
Exploits: 1, References: 9

ICS
added 2024/01/04 7:0 a.m., 74 views

Mitsubishi Electric Factory Automation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple Factory Automation Products Vulnerabilities : Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type 'Type Confusion'...

CVSS 7.5, AI score 8, EPSS 0.88334
Exploits: 0, References: 8

OSV
added 2023/12/21 9:15 p.m., 15 views

CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 2

NVD
added 2023/12/21 9:15 p.m., 12 views

CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0...

CVSS 7.5, EPSS 0.00107
Exploits: 0, References: 2

Prion
added 2023/12/21 9:15 p.m., 23 views

Buffer overflow

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0...

CVSS 5, AI score 6.9, EPSS 0.00107
Exploits: 0, References: 2, Affected Software: 1