3236 matches found
CVE-2024-47869
Summary (CVE-2024-47869): Gradio (Python) contains a timing-attack vulnerability in the analytics_dashboard hash comparison that is not performed in constant time. An attacker could infer the correct hash byte-by-byte by measuring response times, potentially gaining unauthorized access to the ana...
CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
Timing Attack
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Timing Attack due to the analyticsdashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different...
GHSA-J757-PF57-F8R4 Gradio performs a non-constant-time comparison when comparing hashes
Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of differen...
Gradio performs a non-constant-time comparison when comparing hashes
Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of differen...
Gradio 安全漏洞
Gradio, an open source Python library open-sourced by Hugging Face, is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from the fact that comparisons are not done in constant time, which can be exploited by an...
PT-2024-28664 · Veertu · Veertu Anka Build
Name of the Vulnerable Software and Affected Versions: Veertu Anka Build version 1.42.0 Description: A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build. The vulnerability occurs during Anka node agent update, allowing a low privilege user to trigger...
Timing Attack
basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...
basic-auth-connect 安全漏洞
basic-auth-connect is an expressjs open source basic authentication middleware for nodes and connections. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of timing insecure equality comparisons, which can leak timing information...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
PYSEC-2024-290
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
OpenSlides 安全漏洞
OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in OpenSlides version 4.0.15 that originates from validating a password by comparing the...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2024-22893
OpenSlides 4.0.15 is affected by a timing-attack vulnerability in password verification, where the hash comparison runs in a content-dependent way. This can allow an attacker to infer information about password hashes. Details across sources consistently identify the affected version as 4.0.15 an...
PT-2024-19601 · Unknown · Openslides
Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15 Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2467)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...