CURL-CVE-2023-27534 SFTP path ~ resolving discrepancy

curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde character as the first path element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC...

Potential Risk of Accidentally Minting Tokens to Incorrect Accounts

Lines of code Vulnerability details Impact 1. the Intended recipient of the tokens might not receive them, which could lead to a loss of funds or a delay in the intended use of the tokens 2. incorrect account holder could receive the tokens by mistake, leading to a discrepancy in the total token...

Observable Response Discrepancy

vantage6server is vulnerable to Observable Response Discrepancy. The vulnerability exists because the login requirement is not properly implemented which allows an attacker to brute force password and observe a valid username response...

GHSA-C6WG-CM5X-RQVJ OpenSearch has time discrepancy in authentication responses

Impact There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider IdP, and not other externally configured IdPs. Patches OpenSearch 1.3.9...

OpenSearch has time discrepancy in authentication responses

Impact There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider IdP, and not other externally configured IdPs. Patches OpenSearch 1.3.9...

CVE-2023-25806

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

Authorization

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

CVE-2022-39228 Observable Response Discrepancy in vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

GHSA-36GX-9Q6H-G429 vantage6 vulnerable to Observable Response Discrepancy

Impact We are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong...

Observable Timing Discrepancy in Login Portal

Description An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the timing on a valid account is significantly higher than that of an invalid user account. This is likely due to the use of Bcrypt's compare function being utilized by...

K32562936: Intel CPU vulnerabilities CVE-2020-24511 and CVE-2020-24512

Security Advisory Description CVE-2020-24511 Improper isolation of shared resources in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-24512 Observable timing discrepancy in some IntelR Processors may allow an...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.52 security update

Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...

SUSE CVE-2017-7551

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts...

SUSE CVE-2020-24512

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

SUSE CVE-2021-0086

Observable response discrepancy in floating-point operations for some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

SUSE CVE-2021-0089

Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

Wago PFC100/200 Web-Based Management Authentication Timing Information Disclosure (CVE-2019-5135)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...