3242 matches found
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
The vulnerability of the secure_compare() function in the Mojolicious module allows a hacker to obtain the length of the secret string.
The vulnerability of the securecompare function in the Mojolicious module relates to manipulating an unknown input, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow a remote attacker to obtain the length of the secret string...
RHEL 6 : tomcat5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: security manager bypass via IntrospectHelper utility function CVE-2016-5018 - The Realm...
RHEL 9 : ovmf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: AES OCB fails to encrypt some bytes CVE-2022-2097 - openssl: timing attack in RSA Decryption...
RHEL 8 : ovmf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: 0-byte record padding oracle CVE-2019-1559 - openssl: timing attack in RSA Decryption...
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials...
GHSA-7M2V-X7RG-5HM5 silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials...
PT-2024-40165 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows user enumeration through a timing attack on the login or password reset pages using user credentials. Recommendations: At the moment, there is no information about ...
Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...
CVE-2024-26306
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...
SUSE-SU-2024:0638-2 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust bsc1218862. - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data bsc1218865...
RHEL 6 : rack-protection (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 Note that Nessus has not tested for this...
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: the crehash script allows command injection CVE-2022-2068 - The OpenSSL DSA signature algorithm...
CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...
OESA-2024-1517 perl-Mojolicious security update
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
OESA-2024-1518 perl-Mojolicious security update
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
OESA-2024-1519 perl-Mojolicious security update
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
Oracle Linux 9 : skopeo (ELSA-2024-2239)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2239 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...