Lucene search
K

3242 matches found

RedHat Linux
RedHat Linux
added 2024/06/05 2:47 p.m.3 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.7AI score0.93305EPSS
Exploits4References6
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.6 views

The vulnerability of the secure_compare() function in the Mojolicious module allows a hacker to obtain the length of the secret string.

The vulnerability of the securecompare function in the Mojolicious module relates to manipulating an unknown input, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow a remote attacker to obtain the length of the secret string...

7.8CVSS7.1AI score0.00507EPSS
Exploits0References5Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.31 views

RHEL 6 : tomcat5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: security manager bypass via IntrospectHelper utility function CVE-2016-5018 - The Realm...

9.1CVSS7.3AI score0.10303EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 9 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: AES OCB fails to encrypt some bytes CVE-2022-2097 - openssl: timing attack in RSA Decryption...

7.5CVSS8.4AI score0.16195EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.32 views

RHEL 8 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: 0-byte record padding oracle CVE-2019-1559 - openssl: timing attack in RSA Decryption...

7.5CVSS8.5AI score0.17139EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/05/27 9:45 p.m.13 views

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials...

7.3AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/27 9:45 p.m.13 views

GHSA-7M2V-X7RG-5HM5 silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials...

7.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.2 views

PT-2024-40165 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows user enumeration through a timing attack on the login or password reset pages using user credentials. Recommendations: At the moment, there is no information about ...

7.2AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.47 views

Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

9.1CVSS6.4AI score0.10303EPSS
Exploits5References20
RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.2 views

golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...

7.5CVSS7.3AI score0.0125EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/05/14 3:8 p.m.84 views

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.6AI score0.01107EPSS
Exploits0References4
OSV
OSV
added 2024/05/13 10:2 a.m.11 views

SUSE-SU-2024:0638-2 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust bsc1218862. - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data bsc1218865...

7.5CVSS6.8AI score0.01614EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.32 views

RHEL 6 : rack-protection (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 Note that Nessus has not tested for this...

6AI score0.02489EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.226 views

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: the crehash script allows command injection CVE-2022-2068 - The OpenSSL DSA signature algorithm...

8.7AI score0.95764EPSS
Exploits10References4
Vulnrichment
Vulnrichment
added 2024/05/10 3:57 p.m.9 views

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

6.3CVSS6.6AI score0.00765EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/10 3:57 p.m.14 views

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

6.3CVSS6.3AI score0.00765EPSS
Exploits0References3
OSV
OSV
added 2024/05/10 11:7 a.m.4 views

OESA-2024-1517 perl-Mojolicious security update

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

7.5CVSS6.9AI score0.00549EPSS
Exploits1References3
OSV
OSV
added 2024/05/10 11:7 a.m.3 views

OESA-2024-1518 perl-Mojolicious security update

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

7.5CVSS6.9AI score0.00549EPSS
Exploits1References3
OSV
OSV
added 2024/05/10 11:7 a.m.3 views

OESA-2024-1519 perl-Mojolicious security update

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

7.5CVSS6.9AI score0.00549EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.60 views

Oracle Linux 9 : skopeo (ELSA-2024-2239)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2239 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...

9.8CVSS7AI score0.04561EPSS
Exploits0References2
Rows per page
Query Builder