GnuTLS security vulnerabilities
GnuTLS is a free, open-source secure communications library developed by GnuTLS that implements the SSL, TLS, and DTLS protocols. A security vulnerability in GnuTLS stems from the fact that the PKCS7 padding check does not run in constant time during decryptio...
Timing Attack
Overview: Affected versions of this package are vulnerable to a Timing Attack due to an insecure non-constant-time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
TCPDF security vulnerability
TCPDF is an open-source library from Tecnick, used to generate PDF documents and barcodes. TCPDF versions before 6.8.0 have a security vulnerability that stems from unserializeTCPDFtag using "!=" instead of a constant-time function to compare TCPDF tag hashes...
PT-2023-28174 · Jenkins · Jenkins Google Login Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google Login Plugin versions 1.7 and earlier. Description: The issue is related to the use of a non-constant-time comparison function when checking whether the provided and expected tokens are equal. This potentially allows attackers to...