7351 matches found
Bosch Security Systems IP Cameras NXP Chip Side-Channel Key Extraction (CVE-2021-3011)
Several Bosch IP cameras are built on a hardware platform that uses an NXP SmartMX/P5x secure element affected by an electromagnetic-wave side-channel vulnerability. An attacker with extended physical access to the device could recover the ECDSA private key and clone the device. The issue resides...
CVE-2026-54411
A flaw was found in Linux-PAM's pamuserdb module. This vulnerability, categorized as an Observable Timing Discrepancy CWE-208, allows a local or network-adjacent attacker to recover plaintext passwords. By repeatedly attempting authentication and measuring response-timing differences during...
Debian dla-4556 : dovecot-auth-lua - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...
CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...
SUSE SLES12 Security Update : memcached (SUSE-SU-2026:2292-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2292-1 advisory. This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username...
SUSE SLES15 Security Update : memcached (SUSE-SU-2026:2293-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2293-1 advisory. This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication...
Updated memcached packages fix security vulnerabilities
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side...
MGASA-2026-0203 Updated memcached packages fix security vulnerabilities
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side...
Linux Distros Unpatched Vulnerability : CVE-2026-48859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing...
EEF-CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration
Summary Observable Timing Discrepancy vulnerability in Erlang/OTP ssh ssh\auth, ssh\options modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user\passwords or password option,...
CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...
CVE-2026-48859
The CVE affects Erlang/OTP’s SSH server (ssh_auth and ssh_options) in OTP prior to 29.0.2 (SSH 6.0.x before 6.0.1). When the daemon uses user_passwords or password options, ssh_auth:check_password/3 performs PBKDF2-SHA256 with 600,000 iterations (~300 ms) for valid usernames, but returns in ~0 ms...
Erlang/OTP 安全漏洞
Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
CVE-2026-42768
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...
Security update for memcached
This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...
SUSE-SU-2026:2293-1 Security update for memcached
This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...
Security update for memcached
This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...