CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

GO-2023-2375 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Google Go versions prior to 1.20, which stems from the fact that deleting PKCS1 padding can lead to the disclosure of timing information, which...

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle AitM scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2...

Apache Superset < 2.1.0 Secure Session Key

The version of Apache Superset installed on the remote host is affected a potential unsecure session key vulnerability. Installations that have not altered the default configured SECRETKEY according to the installation instructions, or that use a predictable key phrase, would allow for an...

CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...

CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

Authentication flaw

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

CVE-2022-24400 DCK pinning attack in TETRA

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

CVE-2022-24400 DCK pinning attack in TETRA

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

CVE-2023-38907

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key...

CVE-2023-38907

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key...

Information disclosure

An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function...

PT-2023-26679 · Tp Link · Tapo Application +4

Name of the Vulnerable Software and Affected Versions: TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.2.3 TPLink Smart Bulb Tapo series L510E versions 1.0.0 through 1.0.9 TPLink Smart Bulb Tapo series L630 versions 1.0.0 through 1.0.3 TPLink Smart Bulb Tapo series P100 versions 1.0.0...

CVE-2023-38907

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key...

TP-LINK Smart bulb Tapo series security vulnerability

TP-LINK Smart bulb Tapo series is a series of multi-color smart Wi-Fi bulbs from China P&L TP-LINK. A security vulnerability exists in TPLink Smart bulb Tapo series L530 v.1.0.0, Tapo Application v.2.8.14. A remote attacker could exploit the vulnerability to obtain sensitive information via the...

PT-2023-12748 · Tetra · Tetra

Name of the Vulnerable Software and Affected Versions: TETRA affected versions not specified Description: A flaw in the TETRA authentication procedure allows a Man-In-The-Middle MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. This issue does not specify the...

Statamic 4.7.0 - File Inclusion Vulnerability

Title: Statamic 4.7.0 - File-Inclusion Author: nu11secur1ty Vendor: https://statamic.com/ Software: https://demo.statamic.com/ Reference: https://portswigger.net/web-security/file-upload Description: The statamic-4.7.0 suffers from file inclusion - file upload vulnerability. The attacker can uplo...