Lucene search
K

3242 matches found

Veracode
Veracode
added 2024/04/29 7:35 a.m.20 views

Information Disclosure Through Timing Attack

mdanter/ecc is vulnerable to Sensitive Information Disclosure. The vulnerability is due to computing point addition in a non constant time, which allows an attacker to deduce the private key by comparing the time it takes to compute each point addition...

4.3CVSS6.7AI score0.00408EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.27 views

RHEL 7 : firefox (RHSA-2024:1486)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8CVSS7.8AI score0.047EPSS
Exploits4References23
OSV
OSV
added 2024/04/26 8:4 a.m.8 views

SUSE-SU-2024:1447-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 jscPED-3360, jscPED-3361 EP11: Add support for FIPS-session mode CVE-2024-0914: Updates to harden against RSA timing attacks bsc1219217 Bug fixes - provide userpkcs11 and grouppkcs11 Upgrade to version...

5.9CVSS6.7AI score0.00878EPSS
Exploits0References3
OSV
OSV
added 2024/04/25 5:15 p.m.8 views

AZL-43687 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.31-6

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.2AI score0.00516EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.5 views

PT-2024-40040 · Gnu · Gmp

Name of the Vulnerable Software and Affected Versions: PHPECC affected versions not specified Description: The issue concerns malleable ECDSA signature attacks. When generating new ECDSA signatures, the use of the GMPMath adapter, which wraps the GNU Multiple Precision arithmetic library GMP,...

9.1CVSS6.8AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/04/22 1:14 a.m.2 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
OSV
OSV
added 2024/04/18 4:44 p.m.15 views

GHSA-6M9H-2PR2-9J8F 1Panel's password verification is suspected to have a timing attack vulnerability

Summary 源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...

5.9CVSS5.4AI score0.0038EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/04/18 4:44 p.m.18 views

1Panel's password verification is suspected to have a timing attack vulnerability

Summary 源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...

5.9CVSS4.6AI score0.0038EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/18 2:56 p.m.18 views

CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...

3.9CVSS6.9AI score0.0038EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/18 2:56 p.m.21 views

CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...

3.9CVSS4.6AI score0.0038EPSS
Exploits0References2
OSV
OSV
added 2024/04/18 2:56 p.m.7 views

CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...

3.9CVSS6AI score0.0038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.6 views

PT-2024-3101 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts Description: The issue is related to the password verification in the source code of 1Panel, which uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability, potentially...

5.9CVSS7.5AI score0.0038EPSS
Exploits0References11
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/18 12:0 a.m.29 views

1Panel's password verification is suspected to have a timing attack vulnerability

源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac. Equal to...

5.9CVSS5.4AI score0.0038EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/04/11 6:18 p.m.7 views

USN-6727-2 nss regression

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...

5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/04/09 3:7 a.m.3 views

SUSE CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5CVSS6.9AI score0.00507EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/04/08 9:13 a.m.6 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
OSV
OSV
added 2024/04/08 12:15 a.m.2 views

DEBIAN-CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5CVSS7.3AI score0.00507EPSS
Exploits0References1
OSV
OSV
added 2024/04/08 12:15 a.m.9 views

AZL-45018 CVE-2020-36829 affecting package perl-Mojolicious 8.57-3

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5CVSS5.8AI score0.00507EPSS
Exploits0References1
OSV
OSV
added 2024/04/08 12:15 a.m.8 views

AZL-43936 CVE-2020-36829 affecting package perl-Mojolicious 8.57-3

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5CVSS5.8AI score0.00507EPSS
Exploits0References1
OSV
OSV
added 2024/04/08 12:15 a.m.3 views

UBUNTU-CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5CVSS5.8AI score0.00507EPSS
Exploits0References4
Rows per page
Query Builder