Lucene search
K

7351 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.14 views

Bosch Security Systems IP Cameras NXP Chip Side-Channel Key Extraction (CVE-2021-3011)

Several Bosch IP cameras are built on a hardware platform that uses an NXP SmartMX/P5x secure element affected by an electromagnetic-wave side-channel vulnerability. An attacker with extended physical access to the device could recover the ECDSA private key and clone the device. The issue resides...

4.2CVSS5.5AI score0.00196EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/16 12:57 p.m.9 views

CVE-2026-54411

A flaw was found in Linux-PAM's pamuserdb module. This vulnerability, categorized as an Observable Timing Discrepancy CWE-208, allows a local or network-adjacent attacker to recover plaintext passwords. By repeatedly attempting authentication and measuring response-timing differences during...

8.2CVSS5.2AI score0.00321EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.10 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

7.5CVSS5.5AI score0.0079EPSS
Exploits6References18
Cvelist
Cvelist
added 2026/06/14 5:21 p.m.30 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS0.00321EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/14 5:21 p.m.8 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLES12 Security Update : memcached (SUSE-SU-2026:2292-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2292-1 advisory. This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username...

8.1CVSS5.4AI score0.01312EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.11 views

SUSE SLES15 Security Update : memcached (SUSE-SU-2026:2293-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2293-1 advisory. This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication...

8.1CVSS5.4AI score0.01312EPSS
Exploits0References7
Mageia
Mageia
added 2026/06/12 11:28 p.m.17 views

Updated memcached packages fix security vulnerabilities

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side...

8.1CVSS5.4AI score0.01312EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 11:28 p.m.9 views

MGASA-2026-0203 Updated memcached packages fix security vulnerabilities

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side...

8.1CVSS5.2AI score0.01312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-48859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 2:35 p.m.10 views

EEF-CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration

Summary Observable Timing Discrepancy vulnerability in Erlang/OTP ssh ssh\auth, ssh\options modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user\passwords or password option,...

6.3CVSS5.6AI score0.00354EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/10 2:35 p.m.7 views

CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 2:35 p.m.26 views

CVE-2026-48859

The CVE affects Erlang/OTP’s SSH server (ssh_auth and ssh_options) in OTP prior to 29.0.2 (SSH 6.0.x before 6.0.1). When the daemon uses user_passwords or password options, ssh_auth:check_password/3 performs PBKDF2-SHA256 with 600,000 iterations (~300 ms) for valid usernames, but returns in ~0 ms...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...

6.3CVSS5.4AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.33 views

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

0.0035EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-42768

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

3.7CVSS5.5AI score0.0035EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/09 9:50 a.m.17 views

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...

5.6AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/06/08 8:53 a.m.9 views

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

8.1CVSS5.5AI score0.01312EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 8:52 a.m.8 views

SUSE-SU-2026:2293-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

8.1CVSS5.5AI score0.01312EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/06/08 8:51 a.m.10 views

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

8.1CVSS5.5AI score0.01312EPSS
Exploits0References8
Rows per page
Query Builder