
3242 matches found

Cvelist
added 2024/04/07 12:0 a.m. · 41 views

CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

AI score: 6.4 · EPSS: 0.00507
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/07 12:0 a.m. · 6 views

PT-2024-3925 · Unknown +2 · Mojolicious +2

Name of the Vulnerable Software and Affected Versions: Mojolicious module versions 1.74 through 8.64. Description: The issue is related to a timing attack vulnerability in the secure compare function of the Mojolicious module for Perl. This vulnerability allows an attacker to manipulate unknown...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.00549
Exploits: 1 · References: 25

CVE
added 2024/04/07 12:0 a.m. · 44 views

CVE-2020-36829

CVE-2020-36829 affects the Mojolicious Perl module prior to 8.65, with the secure_compare timing attack enabling an attacker to infer the length of a secret string (only versions after 1.74 are affected). Connected advisories confirm affected software and fixes: Debian LTS advisory DLA-3846-1 sta...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00507
Exploits: 0 · References: 3

Debian CVE
added 2024/04/07 12:0 a.m. · 15 views

CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00507
Exploits: 0

NVD
added 2024/03/29 5:15 a.m. · 16 views

CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (app.auth[username] == password) to validate user credentials, which can be exploited to guess password...

CVSS: 5.9 · AI score: 5.8 · EPSS: 0.00497
Exploits: 1 · References: 2

OSV
added 2024/03/29 5:15 a.m. · 18 views

CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (app.auth[username] == password) to validate user credentials, which can be exploited to guess password...

CVSS: 5.9 · AI score: 5.8
Exploits: 0 · References: 2

Vulnrichment
added 2024/03/29 4:35 a.m. · 15 views

CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (app.auth[username] == password) to validate user credentials, which can be exploited to guess password...

CVSS: 5.9 · AI score: 7 · EPSS: 0.00497
Exploits: 1 · References: 2

Cvelist
added 2024/03/29 4:35 a.m. · 24 views

CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (app.auth[username] == password) to validate user credentials, which can be exploited to guess password...

CVSS: 5.9 · AI score: 6 · EPSS: 0.00497
Exploits: 1 · References: 2

CVE
added 2024/03/29 4:35 a.m. · 91 views

CVE-2024-1729

The CVE-2024-1729 entry concerns a timing-attack vulnerability in gradio-app/gradio, specifically in the login workflow (routes.py) where credentials are validated with a direct comparison (app.auth[username] == password). This timing discrepancy can allow an attacker to guess valid credentials b...

CVSS: 5.9 · AI score: 5.7 · EPSS: 0.00497
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2024/03/29 12:0 a.m. · 4 views

Gradio security vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from a password checking condition that is susceptible to a timing attack to guess passwords...

CVSS: 5.9 · AI score: 5.8 · EPSS: 0.00497
Exploits: 1 · References: 3

OSV
added 2024/03/27 7:40 p.m. · 12 views

MGASA-2024-0094 Updated thunderbird packages fix security vulnerabilities

Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...

CVSS: 8.8 · AI score: 9.5 · EPSS: 0.01285
Exploits: 4 · References: 4

Mageia
added 2024/03/27 7:40 p.m. · 68 views

Updated thunderbird packages fix security vulnerabilities

Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...

CVSS: 8.8 · AI score: 8.4 · EPSS: 0.01285
Exploits: 4 · References: 3

OSV
added 2024/03/27 7:24 p.m. · 11 views

MGASA-2024-0092 Updated nss firefox, nss packages fix security vulnerabilities

Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...

CVSS: 8.8 · AI score: 9.5 · EPSS: 0.047
Exploits: 4 · References: 7

Mageia
added 2024/03/27 7:24 p.m. · 72 views

Updated nss firefox, nss packages fix security vulnerabilities

Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...

CVSS: 8.8 · AI score: 8.5 · EPSS: 0.047
Exploits: 4 · References: 6

Rockylinux
added 2024/03/27 4:34 a.m. · 36 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.01285
Exploits: 5

Rockylinux
added 2024/03/27 4:34 a.m. · 108 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.047
Exploits: 4

OSV
added 2024/03/27 2:4 a.m. · 6 views

SUSE-SU-2024:1002-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 bsc1221850. - CVE-2024-29944: Privileged JavaScript Execution via Event Handlers bmo1886852. Firefox Extended Support Release 115.9.0 ESR bsc1221327: - CVE-2024-0743: Crash in N...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.047
Exploits: 5 · References: 23

Tenable Nessus
added 2024/03/27 12:0 a.m. · 37 views

Fedora 38 : thunderbird (2024-5d080305ab)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d080305ab advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.01285
Exploits: 4 · References: 11

RedHat Linux
added 2024/03/26 9:31 a.m. · 1 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

CVSS: 7.4 · AI score: 7.2 · EPSS: 0.01302
Exploits: 0 · References: 4

Positive Technologies
added 2024/03/26 12:0 a.m. · 6 views

PT-2024-12445 · Ibm · Ibm Common Cryptographic Architecture

Name of the Vulnerable Software and Affected Versions: IBM Common Cryptographic Architecture versions 7.0.0 through 7.5.36. Description: Under certain conditions, RSA operations performed by the software may exhibit non-constant-time behavior, allowing a remote attacker to obtain sensitive...

CVSS: 3.7 · AI score: 6.8 · EPSS: 0.00452
Exploits: 0 · References: 7