Lucene search
+L

407 matches found

Prion
Prion
added 2024/01/19 10:15 p.m.25 views

Code injection

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5CVSS7.2AI score0.00489EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/19 9:26 p.m.3 views

CVE-2024-23688 Consensys Discovery Nonce Reuse

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.6AI score0.00489EPSS
Exploits0References3
OSV
OSV
added 2024/01/19 9:26 p.m.15 views

CVE-2024-23688 Consensys Discovery Nonce Reuse

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.3CVSS6.1AI score0.00489EPSS
Exploits0References6
NVD
NVD
added 2023/12/05 5:15 p.m.24 views

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS0.0125EPSS
Exploits0References6
OSV
OSV
added 2023/12/05 5:15 p.m.8 views

AZL-37310 CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS6.8AI score0.0125EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/12/05 5:15 p.m.54 views

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS6.7AI score0.0125EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2023/12/05 4:18 p.m.43 views

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS6.8AI score0.0125EPSS
Exploits0
OSV
OSV
added 2023/12/05 4:16 p.m.30 views

GO-2023-2375 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS6.5AI score0.0125EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/05 12:0 a.m.7 views

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Google Go versions prior to 1.20, which stems from the fact that deleting PKCS1 padding can lead to the disclosure of timing information, which...

7.5CVSS6.5AI score0.0125EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/12/04 1:16 p.m.73 views

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle AitM scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2...

6.8CVSS7.2AI score0.01297EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/12/01 12:0 a.m.34 views

Apache Superset < 2.1.0 Secure Session Key

The version of Apache Superset installed on the remote host is affected a potential unsecure session key vulnerability. Installations that have not altered the default configured SECRETKEY according to the installation instructions, or that use a predictable key phrase, would allow for an...

9.8CVSS8.5AI score0.97405EPSS
Exploits20References4
OSV
OSV
added 2023/10/31 12:0 a.m.23 views

CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...

6.3CVSS6.3AI score0.00287EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/10/19 10:15 a.m.5 views

CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

7.5CVSS7.1AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2023/10/19 10:15 a.m.27 views

CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

7.5CVSS8.1AI score0.0027EPSS
Exploits0References1
Prion
Prion
added 2023/10/19 10:15 a.m.111 views

Authentication flaw

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

3.2CVSS7.1AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/19 9:33 a.m.282 views

CVE-2022-24400 DCK pinning attack in TETRA

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

7.5CVSS6.8AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/19 9:33 a.m.41 views

CVE-2022-24400 DCK pinning attack in TETRA

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

7.5CVSS8AI score0.0027EPSS
Exploits0References1
OSV
OSV
added 2023/09/25 11:15 p.m.5 views

CVE-2023-38907

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key...

7.5CVSS5.9AI score0.00694EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/09/25 11:15 p.m.8 views

CVE-2023-38907

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key...

7.5CVSS5.8AI score0.00694EPSS
Exploits0References5
Prion
Prion
added 2023/09/25 11:15 p.m.23 views

Information disclosure

An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function...

5CVSS7.3AI score0.00694EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder