
3242 matches found

Tenable Nessus
added 2024/06/17 12:0 a.m. · 23 views

RHEL 8 : firefox (RHSA-2024:3952)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.6 CVSS · 7.5 AI score · 0.0107 EPSS
Exploits: 1 · References: 16

OSV
added 2024/06/15 11:7 p.m. · 8 views

MGASA-2024-0222 Updated nss & firefox packages fix security vulnerabilities

Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...

8.6 CVSS · 7.5 AI score · 0.0107 EPSS
Exploits: 1 · References: 5

CNVD
added 2024/06/14 12:0 a.m. · 7 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2024-29332)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from a timing attack that discloses external protocol handlers, which can be exploited by an attacker to guess which...

4.3 CVSS · 6.4 AI score · 0.00736 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2024/06/13 12:0 a.m. · 28 views

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2024:2012-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...

8.6 CVSS · 6.8 AI score · 0.0107 EPSS
Exploits: 2 · References: 18

OSV
added 2024/06/11 1:15 p.m. · 1 views

DEBIAN-CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.3 CVSS · 6.5 AI score · 0.00736 EPSS
Exploits: 0 · References: 1

SUSE CVE
added 2024/06/11 2:6 a.m. · 3 views

SUSE CVE-2024-36405

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...

5.5 CVSS · 6.8 AI score · 0.00515 EPSS
Exploits: 0 · References: 4

CNNVD
added 2024/06/11 12:0 a.m. · 1 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from a timing attack that discloses external protocol handlers, which can be exploited by an attacker to guess which...

4.3 CVSS · 5.9 AI score · 0.00736 EPSS
Exploits: 0 · References: 9

OpenVAS
added 2024/06/11 12:0 a.m. · 21 views

Mozilla Firefox Security Advisory (MFSA2024-25) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2024-25. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-on...

9.8 CVSS · 8.3 AI score · 0.0107 EPSS
Exploits: 2 · References: 15

IBM Security Bulletins
added 2024/06/10 10:47 p.m. · 64 views

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION:...

7.5 CVSS · 9.2 AI score · 0.99999 EPSS
Exploits: 21 · Affected Software: 1

Tenable Nessus
added 2024/06/07 12:0 a.m. · 23 views

OpenSSL 0.9.6 < 0.9.6i Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.6i. It is, therefore, affected by a vulnerability as referenced in the 0.9.6i advisory. - ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher...

5 CVSS · 8.3 AI score · 0.13718 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2024/06/07 12:0 a.m. · 25 views

OpenSSL 0.9.7 < 0.9.7a Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.7a. It is, therefore, affected by a vulnerability as referenced in the 0.9.7a advisory. - ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher...

5 CVSS · 8.3 AI score · 0.13718 EPSS
Exploits: 0 · References: 3

NVD
added 2024/06/06 7:16 p.m. · 24 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 0.01411 EPSS
Exploits: 1 · References: 2

OSV
added 2024/06/06 7:16 p.m. · 5 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 6.7 AI score
Exploits: 0 · References: 2

Cvelist
added 2024/06/06 6:54 p.m. · 35 views

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 0.01411 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2024/06/06 6:54 p.m. · 15 views

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

7.5 CVSS · 6.8 AI score · 0.01411 EPSS
Exploits: 1 · References: 2

CVE
added 2024/06/06 6:54 p.m. · 57 views

CVE-2024-5124

CVE-2024-5124 affects gaizhenbiao/chuanhuchatgpt (version 20240310) with a timing-attack in the password comparison logic that uses the Python '=' operator. An attacker could infer correct passwords by measuring per-character comparison timing, potentially exposing credentials. The root cause is ...

7.5 CVSS · 7.5 AI score · 0.01411 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Github Security Blog
added 2024/06/06 2:26 p.m. · 11 views

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

7 AI score
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

ChuanhuChatGPT Information Disclosure Vulnerability

ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from an information disclosure vulnerability that stems from a timing attack vulnerability in the password comparison logic...

7.5 CVSS · 6.4 AI score · 0.01411 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/06/06 12:0 a.m. · 5 views

PT-2024-34569 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240310 Description: A timing attack vulnerability exists in the password comparison logic of the gaizhenbiao/chuanhuchatgpt repository. The vulnerability arises from the use of the '=' operator in Python f...

7.5 CVSS · 7.6 AI score · 0.01411 EPSS
Exploits: 1 · References: 10

OSV
added 2024/06/05 3:10 p.m. · 9 views

GO-2024-2734 1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel

1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...

5.9 CVSS · 4.8 AI score · 0.0038 EPSS
Exploits: 0 · References: 3