55 matches found
EUVD-2026-2725
lakeFS is Missing Timestamp Validation in S3 Gateway Authentication...
GHSA-F2PH-GC9M-Q55F lakeFS is Missing Timestamp Validation in S3 Gateway Authentication
Impact: LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. An attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the reques...
EUVD-2010-1925
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4....
rfc3161-client data forgery vulnerability
rfc3161-client is a Trail of Bits open source software. A data forgery issue vulnerability exists in rfc3161-client versions prior to 1.0.3, which stems from a flaw in the timestamp response signature validation logic that could lead to insufficient signature validation...
CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
CVE-2025-2888
During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20...
PT-2024-31501 · Hyperledger · Hyperledger Fabric
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions 2.5.0 through 2.5.9 Description: The issue is related to Hyperledger Fabric not verifying that a request has a timestamp within the expected time window. This problem can be exploited due to the lack of proper...
Design/Logic Flaw
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...
CVE-2023-40178 @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Summary The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. Details It was noticed that in the validatePostRequestAsync flow in saml.js, the current timestamp is never checked. This could present a...
PT-2023-27307 · Node-Saml · Node-Saml
Name of the Vulnerable Software and Affected Versions: Node-SAML versions prior to 4.0.5 Description: The lack of checking of the current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they wou...
K71245322: NTP vulnerability CVE-2015-8138
Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVE-2015-8138 Impact An attacker may be able to disable time synchronization with the server or push...
Overflow/Underflow in interest calculation caused by lack of timestamp validation in _getInterest() & _getRemainingInterest() function
Lines of code Vulnerability details Impact An attacker could manipulate the last timestamp of a lien in the stack struct to cause an underflow or overflow in the interest calculation. This could result in an incorrect interest amount being calculated, which could lead to incorrect payments being...
function underwritePriceForCollateral() uses message.timestamp > block.timestamp to validate oracle message timestamp but it can create MEV as miners can control block.timestamp and revert some of the user's transactions
Lines of code Vulnerability details Impact Function underwritePriceForCollateral validates the oracle message which includes the price of the NFT and returns the price of an asset from a signed oracle message. to check the validity of the message's timestamp code checks that if...
Insufficient Timestamp Validation for Signed Messages
Lines of code Vulnerability details Impact A message can be signed by the oracle for any future point in time, and it will be valid for 20 minutes. If messages with invalid timestamps pointing to the future get signed, there is no way of invalidating them. A compromised or malfunctioning oracle...
There is no check to ensure closeTimestamp is not bigger than timestamp
Lines of code Vulnerability details Impact logic issue Proof of Concept If closeTimestamp is bigger than timestamp, the logic will break; there is no check. Tools Used Recommended Mitigation Steps Check that closeTimestamp is not bigger than timestamp.
ChainLink latestRoundData data may be stale
Originally submitted by warden 0xkatana in 63, duplicate of 17. ChainLink latestRoundData data may be stale Impact The Chainlink API latestRoundData function returns price data with other timestamp and round data. The timestamp and round data should be validated to confirm the data is not stale...
keycloak: X509 Direct Grant Auth does not verify certificate timestamp validity
A flaw was found in keycloak. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity...