Lucene search
K

52 matches found

OSV
OSV
added 2025/01/21 9:21 p.m.16 views

GHSA-HMG4-WWM5-P999 Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

Impact Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. Patches Patched in 14.3.2 and 15.1.2. Workarounds None available...

5.3CVSS5.1AI score0.01451EPSS
Exploits1References5
CVE
CVE
added 2025/01/21 3:27 p.m.120 views

CVE-2025-24011

Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...

5.3CVSS5.3AI score0.01451EPSS
Exploits1References3Affected Software1
Schneier on Security
Schneier on Security
added 2024/10/29 11:2 a.m.9 views

Law Enforcement Deanonymizes Tor Users

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/09/19 8:27 p.m.9 views

Tor anonymity compromised by law enforcement. Is it still safe to use?

Despite people generally considering the Tor network as an essential tool for anonymous browsing, german law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. Before we go into the what the agencies did, let's take a look at some...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/16 12:0 a.m.4 views

PT-2022-26145 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions 5.0 through 5.6 Description: Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management SCIM account management enabled, it might theoretically be possible for an...

3.7CVSS3.8AI score0.00508EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/11/16 12:0 a.m.6 views

CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...

3.7CVSS4.1AI score0.00508EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/16 12:0 a.m.28 views

CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...

3.7CVSS4.4AI score0.00508EPSS
Exploits0References2
OSV
OSV
added 2022/11/16 12:0 a.m.20 views

CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...

3.7CVSS4.7AI score0.00508EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.3 views

Qlik Community 信息泄露漏洞

Qlik Community is a data analytics solution. Qlik Community suffers from an information disclosure vulnerability that originates from allowing a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system...

5.3CVSS5.9AI score0.01356EPSS
Exploits0References7
NVD
NVD
added 2020/09/14 2:15 p.m.23 views

CVE-2020-12788

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks...

7.5CVSS0.01336EPSS
Exploits0References1
Prion
Prion
added 2020/09/14 2:15 p.m.15 views

Code injection

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks...

5CVSS7.5AI score0.01336EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/14 1:24 p.m.31 views

CVE-2020-12788

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks...

7.5AI score0.01336EPSS
Exploits0References1
CVE
CVE
added 2020/09/14 1:24 p.m.45 views

CVE-2020-12788

The CVE concerns CMAC verification in Microchip Atmel ATSAMA5 products. The issue stems from side-channel weaknesses (timing and power analysis) during CMAC verification, which could potentially expose sensitive information. Connected documents reiterate the affected target as ATSAMA5, but do not...

7.5CVSS7.5AI score0.01336EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2019/09/11 1:9 p.m.2 views

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. DubbedNetCAT , short for Network Cach...

4.8CVSS6.8AI score0.00753EPSS
Exploits0
OSV
OSV
added 2018/11/20 9:29 a.m.4 views

CVE-2018-10099

Google Monorail before 2018-04-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with duplicated columns can be used to obtain sensitive information about the content of bug reports...

5.3CVSS5.8AI score0.00341EPSS
Exploits1References3
OSV
OSV
added 2018/08/22 12:0 a.m.5 views

UBUNTU-CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References4
OSV
OSV
added 2018/08/22 12:0 a.m.3 views

UBUNTU-CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.6AI score0.03623EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

OpenSSL 0.9.x CBC Error Information Leakage Weakness

No description provided by source. source: http://www.securityfocus.com/bid/6884/info A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.4 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/03/04 9:5 p.m.6 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
Rows per page
Query Builder