
55 matches found

EUVD
added 2026/01/15 9:14 p.m. | 5 views

EUVD-2026-2725

lakeFS is Missing Timestamp Validation in S3 Gateway Authentication...

6.5 CVSS | 6.4 AI score | 0.00239 EPSS
Exploits: 1 | References: 5

OSV
added 2026/01/15 9:14 p.m. | 2 views

GHSA-F2PH-GC9M-Q55F lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

Impact: LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. An attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the reques...

6.5 CVSS | 6.8 AI score | 0.00239 EPSS
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2010-1925

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.04025 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4....

9.8 CVSS | 8.3 AI score | 0.02027 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/06/21 12:0 a.m. | 1 views

rfc3161-client Data Forgery Vulnerability

rfc3161-client is a Trail of Bits open source software. A data forgery issue vulnerability exists in rfc3161-client versions prior to 1.0.3, which stems from a flaw in the timestamp response signature validation logic that could lead to insufficient signature validation...

9.3 CVSS | 6.3 AI score | 0.00147 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 10:31 a.m. | 5 views

CVE-2024-45244

Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...

5.3 CVSS | 6.2 AI score | 0.00589 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/29 10:44 p.m. | 19 views

CVE-2025-2888

During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20...

5.7 CVSS | 7.4 AI score | 0.00307 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2024/08/24 12:0 a.m. | 4 views

PT-2024-31501 · Hyperledger · Hyperledger Fabric

Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions 2.5.0 through 2.5.9 Description: The issue is related to Hyperledger Fabric not verifying that a request has a timestamp within the expected time window. This problem can be exploited due to the lack of proper...

5.3 CVSS | 6.1 AI score | 0.00589 EPSS
Exploits: 0 | References: 16

Prion
added 2023/12/26 11:15 p.m. | 18 views

Design/Logic Flaw

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...

5 CVSS | 7.6 AI score | 0.00616 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/08/23 8:15 p.m. | 19 views

CVE-2023-40178 @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...

5.3 CVSS | 5.4 AI score | 0.00398 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2023/08/21 8:13 p.m. | 28 views

@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Summary The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. Details It was noticed that in the validatePostRequestAsync flow in saml.js, the current timestamp is never checked. This could present a...

5.3 CVSS | 6.3 AI score | 0.00398 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2023/08/21 12:0 a.m. | 7 views

PT-2023-27307 · Node-Saml · Node-Saml

Name of the Vulnerable Software and Affected Versions: Node-SAML versions prior to 4.0.5 Description: The lack of checking of the current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they wou...

5.3 CVSS | 5 AI score | 0.00398 EPSS
Exploits: 0 | References: 8

F5 Networks
added 2023/02/21 7:50 p.m. | 48 views

K71245322: NTP vulnerability CVE-2015-8138

Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVE-2015-8138 Impact An attacker may be able to disable time synchronization with the server or push...

5.3 CVSS | 6.5 AI score | 0.06255 EPSS
Exploits: 2 | Affected Software: 20

Code423n4
added 2023/01/19 12:0 a.m. | 13 views

Overflow/Underflow in interest calculation caused by lack of timestamp validation in _getInterest() & _getRemainingInterest() function

Lines of code Vulnerability details Impact An attacker could manipulate the last timestamp of a lien in the stack struct to cause an underflow or overflow in the interest calculation. This could result in an incorrect interest amount being calculated, which could lead to incorrect payments being...

6.8 AI score
Exploits: 0

Code423n4
added 2022/12/21 12:0 a.m. | 7 views

function underwritePriceForCollateral() uses message.timestamp > block.timestamp to validate oracle message timestamp but it can create MEV as miners can control block.timestamp and revert some of the user's transactions

Lines of code Vulnerability details Impact Function underwritePriceForCollateral validates the oracle message which includes the price of the NFT and returns the price of an asset from a signed oracle message. to check the validity of the message's timestamp code checks that if...

6.8 AI score
Exploits: 0

Code423n4
added 2022/12/20 12:0 a.m. | 13 views

Insufficient Timestamp Validation for Signed Messages

Lines of code Vulnerability details Impact A message can be signed by the oracle for any future point in time, and it will be valid for 20 minutes. If messages with invalid timestamps pointing to the future get signed, there is no way of invalidating them. A compromised or malfunctioning oracle...

6.7 AI score
Exploits: 0

Code423n4
added 2022/12/19 12:0 a.m. | 9 views

there is no check for ensure closeTimestamp is not bigger than timestamp

Lines of code Vulnerability details Impact logic issue Proof of Concept if closeTimestamp be bigger than timestamp logic will break, there is no check Tools Used Recommended Mitigation Steps check that closeTimestamp is not bigger than timestamp --- The text was updated successfully, but these...

6.9 AI score
Exploits: 0

Code423n4
added 2022/05/08 12:0 a.m. | 16 views

ChainLink latestRoundData data may be stale

Originally submitted by warden 0xkatana in 63, duplicate of 17. ChainLink latestRoundData data may be stale Impact The Chainlink API latestRoundData function returns price data with other timestamp and round data. The timestamp and round data should be validated to confirm the data is not stale...

6.9 AI score
Exploits: 0

RedHat Linux
added 2021/09/14 12:37 p.m. | 2 views

keycloak: X509 Direct Grant Auth does not verify certificate timestamp validity

A flaw was found in keycloak. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity...

5.4 CVSS | 5.7 AI score | 0.00292 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2021/09/14 12:37 p.m. | 11 views

keycloak: X509 Direct Grant Auth does not verify certificate timestamp validity

A flaw was found in keycloak. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity...

5.4 CVSS | 5.7 AI score | 0.00292 EPSS
Exploits: 0 | References: 4